subrepo: add tests for hg rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
# showstack.py - extension to dump a Python stack trace on signal
#
# binds to both SIGQUIT (Ctrl-\) and SIGINFO (Ctrl-T on BSDs)
from __future__ import absolute_import
import signal
import sys
import traceback
def sigshow(*args):
sys.stderr.write("\n")
traceback.print_stack(args[1], limit=10, file=sys.stderr)
sys.stderr.write("----\n")
def extsetup(ui):
signal.signal(signal.SIGQUIT, sigshow)
try:
signal.signal(signal.SIGINFO, sigshow)
except AttributeError:
pass