subrepo: add tests for hg rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
#!/usr/bin/env python
# Undump a dump from dumprevlog
# $ hg init
# $ undumprevlog < repo.dump
from __future__ import absolute_import
import sys
from mercurial import (
node,
revlog,
transaction,
util,
vfs as vfsmod,
)
for fp in (sys.stdin, sys.stdout, sys.stderr):
util.setbinary(fp)
opener = vfsmod.vfs('.', False)
tr = transaction.transaction(sys.stderr.write, opener, {'store': opener},
"undump.journal")
while True:
l = sys.stdin.readline()
if not l:
break
if l.startswith("file:"):
f = l[6:-1]
r = revlog.revlog(opener, f)
print f
elif l.startswith("node:"):
n = node.bin(l[6:-1])
elif l.startswith("linkrev:"):
lr = int(l[9:-1])
elif l.startswith("parents:"):
p = l[9:-1].split()
p1 = node.bin(p[0])
p2 = node.bin(p[1])
elif l.startswith("length:"):
length = int(l[8:-1])
sys.stdin.readline() # start marker
d = sys.stdin.read(length)
sys.stdin.readline() # end marker
r.addrevision(d, tr, lr, p1, p2)
tr.close()