subrepo: add tests for hg rogue ssh urls (SEC)

'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.

When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
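
A check of the kind the commit message describes, as an added Python example: it is not Mercurial's code and not part of this commit, and the names `check_safe_ssh_url`, `UnsafeURLError` and `audit_subrepo_sources` are hypothetical. It percent-decodes each subrepo source first, then refuses `ssh://` URLs whose host looks like an option or that contain a pipe; the `path = source` sample lines are constructed and `EXAMPLE` is a placeholder.

```python
from urllib.parse import unquote


class UnsafeURLError(ValueError):
    """Raised instead of handing a suspicious URL to the ssh command."""


def check_safe_ssh_url(url):
    """Return url unchanged, or raise UnsafeURLError (hypothetical helper)."""
    decoded = unquote(url)  # decode first so '%2D' cannot hide a leading '-'
    scheme = "ssh://"
    if not decoded.lower().startswith(scheme):
        return url  # only ssh:// URLs end up on the ssh command line
    authority = decoded[len(scheme):].split("/", 1)[0]
    host = authority.rsplit("@", 1)[-1]  # drop an optional user@ prefix
    # Conservative: refuse a leading '-' on either form, since the caller
    # decides which of the two is passed to ssh as the destination argument.
    if authority.startswith("-") or host.startswith("-"):
        raise UnsafeURLError("potentially unsafe url (option-like host): %r" % url)
    # Conservative: refuse a pipe anywhere in an ssh URL, not only in the host.
    if "|" in decoded:
        raise UnsafeURLError("potentially unsafe url (pipe): %r" % url)
    return url


def audit_subrepo_sources(hgsub_text):
    """Return [(path, source, reason)] for unsafe 'path = source' lines."""
    findings = []
    for line in hgsub_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        path, source = (part.strip() for part in line.split("=", 1))
        try:
            check_safe_ssh_url(source)
        except UnsafeURLError as exc:
            findings.append((path, source, str(exc)))
    return findings


# Constructed sample input; EXAMPLE stands in for whatever a rogue URL carries.
SAMPLE_HGSUB = """\
lib/good = ssh://hg@example.com/lib
lib/opt = ssh://-oProxyCommand=EXAMPLE/path
lib/enc = ssh://%2DoProxyCommand=EXAMPLE/path
lib/pipe = ssh://example.com|EXAMPLE/path
docs = https://example.com/-docs
"""

if __name__ == "__main__":
    for path, source, reason in audit_subrepo_sources(SAMPLE_HGSUB):
        print("abort: %s: %s" % (path, reason))
```
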
#!/bin/rc
# 9mail - Mercurial email wrapper for upas/marshal

fn usage {
	echo >[1=2] usage: mercurial/9mail -f from to [cc]
	exit usage
}

from=()
cc=()
to=()

switch($1){
case -f
	from=$2
case *
	usage
}

to=($3)
if(~ $#* 4)
	cc=(-C $4)

upasname=$from
upas/marshal $cc $to