Mercurial: tests/test-clone.t comparison

comparison tests/test-clone.t @ 33660:3fee7f7d2da0 stable 4.3.1

ssh: unban the use of pipe character in user@host:port string This vulnerability was fixed by the previous patch and there were more ways to exploit than using '|shellcmd'. So it doesn't make sense to reject only pipe character. Test cases are updated to actually try to exploit the bug. As the SSH bridge of git/svn subrepos are not managed by our code, the tests for non-hg subrepos are just removed. This may be folded into the original patches.

author	Yuya Nishihara <yuya@tcha.org>
date	Mon, 07 Aug 2017 22:22:28 +0900
parents	8cb9e921ef8c
children	6c1a9fd8361b

comparison

equal deleted inserted replaced

-:8cb9e921ef8c
+:3fee7f7d2da0
 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
 [255]
 $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path'
 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
 [255]
-$ hg clone 'ssh://fakehost|shellcommand/path'
+$ hg clone 'ssh://fakehost|touch%20owned/path'
-abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path'
+abort: no suitable response from remote hg!
 [255]
-$ hg clone 'ssh://fakehost%7Cshellcommand/path'
+$ hg clone 'ssh://fakehost%7Ctouch%20owned/path'
-abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path'
+abort: no suitable response from remote hg!
 [255]
 $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path'
 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path'
 [255]

Mercurial > hg

comparison tests/test-clone.t @ 33660:3fee7f7d2da0 stable 4.3.1