subrepo: add tests for hg rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<installer-gui-script minSpecVersion="1">
<title>Mercurial SCM</title>
<organization>org.mercurial-scm</organization>
<options customize="never" require-scripts="false" rootVolumeOnly="true" />
<welcome file="Welcome.html" mime-type="text/html" />
<license file="../../COPYING" mime-type="text/plain" />
<readme file="Readme.html" mime-type="text/html" />
<pkg-ref id="org.mercurial-scm.mercurial"
version="0"
auth="root"
onConclusion="none">mercurial.pkg</pkg-ref>
<choices-outline>
<line choice="org.mercurial-scm.mercurial"/>
</choices-outline>
<choice id="org.mercurial-scm.mercurial" visible="false">
<pkg-ref id="org.mercurial-scm.mercurial"/>
</choice>
</installer-gui-script>