Mercurial: tests/README@0b3fe3910ef5 (annotated)

util: add utility method to check for bad ssh urls (SEC) Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion. We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

332 6c869059beb4 testing fixups mpm@selenic.com parents: 331 diff changeset	1	To run the tests, do:
6c869059beb4 testing fixups mpm@selenic.com parents: 331 diff changeset	2
6c869059beb4 testing fixups mpm@selenic.com parents: 331 diff changeset	3	cd tests/
2207 8a2a7f7d9df6 Delete the shell version of run-tests Stephen Darnell <stephen@darnell.plus.com> parents: 1933 diff changeset	4	python run-tests.py
332 6c869059beb4 testing fixups mpm@selenic.com parents: 331 diff changeset	5
26421 4b0fc75f9403 urls: bulk-change primary website URLs Matt Mackall <mpm@selenic.com> parents: 8936 diff changeset	6	See https://mercurial-scm.org/wiki/WritingTests for
3934 d0bbd8ee50c7 Move test suite docs to the wiki Matt Mackall <mpm@selenic.com> parents: 3199 diff changeset	7	more information on writing tests.

author	Sean Farley <sean@farley.io>
	Fri, 28 Jul 2017 16:32:25 -0700
branch	stable
changeset 33650	0b3fe3910ef5
parent 26421	4b0fc75f9403
permissions	-rw-r--r--