Mercurial > hg
comparison tests/test-push.t @ 33660:3fee7f7d2da0 stable 4.3.1
ssh: unban the use of pipe character in user@host:port string
This vulnerability was fixed by the previous patch and there were more ways
to exploit than using '|shellcmd'. So it doesn't make sense to reject only
pipe character.
Test cases are updated to actually try to exploit the bug. As the SSH bridge
of git/svn subrepos are not managed by our code, the tests for non-hg subrepos
are just removed.
This may be folded into the original patches.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Mon, 07 Aug 2017 22:22:28 +0900 |
parents | 48d520fdf880 |
children | eb586ed5d8ce |
comparison
equal
deleted
inserted
replaced
33659:8cb9e921ef8c | 33660:3fee7f7d2da0 |
---|---|
317 adding file changes | 317 adding file changes |
318 added 1 changesets with 1 changes to 1 files | 318 added 1 changesets with 1 changes to 1 files |
319 | 319 |
320 SEC: check for unsafe ssh url | 320 SEC: check for unsafe ssh url |
321 | 321 |
322 $ cat >> $HGRCPATH << EOF | |
323 > [ui] | |
324 > ssh = sh -c "read l; read l; read l" | |
325 > EOF | |
326 | |
322 $ hg -R test-revflag push 'ssh://-oProxyCommand=touch${IFS}owned/path' | 327 $ hg -R test-revflag push 'ssh://-oProxyCommand=touch${IFS}owned/path' |
323 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path | 328 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
324 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 329 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
325 [255] | 330 [255] |
326 $ hg -R test-revflag push 'ssh://%2DoProxyCommand=touch${IFS}owned/path' | 331 $ hg -R test-revflag push 'ssh://%2DoProxyCommand=touch${IFS}owned/path' |
327 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path | 332 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
328 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 333 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
329 [255] | 334 [255] |
330 $ hg -R test-revflag push 'ssh://fakehost|shellcommand/path' | 335 $ hg -R test-revflag push 'ssh://fakehost|touch${IFS}owned/path' |
331 pushing to ssh://fakehost%7Cshellcommand/path | 336 pushing to ssh://fakehost%7Ctouch%24%7BIFS%7Downed/path |
332 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' | 337 abort: no suitable response from remote hg! |
333 [255] | 338 [255] |
334 $ hg -R test-revflag push 'ssh://fakehost%7Cshellcommand/path' | 339 $ hg -R test-revflag push 'ssh://fakehost%7Ctouch%20owned/path' |
335 pushing to ssh://fakehost%7Cshellcommand/path | 340 pushing to ssh://fakehost%7Ctouch%20owned/path |
336 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' | 341 abort: no suitable response from remote hg! |
337 [255] | 342 [255] |
343 | |
344 $ [ ! -f owned ] || echo 'you got owned' |