Mercurial > hg
comparison tests/test-push.t @ 33660:3fee7f7d2da0 stable 4.3.1
ssh: unban the use of pipe character in user@host:port string
This vulnerability was fixed by the previous patch and there were more ways
to exploit than using '|shellcmd'. So it doesn't make sense to reject only
pipe character.
Test cases are updated to actually try to exploit the bug. As the SSH bridge
of git/svn subrepos are not managed by our code, the tests for non-hg subrepos
are just removed.
This may be folded into the original patches.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Mon, 07 Aug 2017 22:22:28 +0900 |
| parents | 48d520fdf880 |
| children | eb586ed5d8ce |
comparison
equal
deleted
inserted
replaced
| 33659:8cb9e921ef8c | 33660:3fee7f7d2da0 |
|---|---|
| 317 adding file changes | 317 adding file changes |
| 318 added 1 changesets with 1 changes to 1 files | 318 added 1 changesets with 1 changes to 1 files |
| 319 | 319 |
| 320 SEC: check for unsafe ssh url | 320 SEC: check for unsafe ssh url |
| 321 | 321 |
| 322 $ cat >> $HGRCPATH << EOF | |
| 323 > [ui] | |
| 324 > ssh = sh -c "read l; read l; read l" | |
| 325 > EOF | |
| 326 | |
| 322 $ hg -R test-revflag push 'ssh://-oProxyCommand=touch${IFS}owned/path' | 327 $ hg -R test-revflag push 'ssh://-oProxyCommand=touch${IFS}owned/path' |
| 323 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path | 328 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
| 324 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 329 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
| 325 [255] | 330 [255] |
| 326 $ hg -R test-revflag push 'ssh://%2DoProxyCommand=touch${IFS}owned/path' | 331 $ hg -R test-revflag push 'ssh://%2DoProxyCommand=touch${IFS}owned/path' |
| 327 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path | 332 pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path |
| 328 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 333 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
| 329 [255] | 334 [255] |
| 330 $ hg -R test-revflag push 'ssh://fakehost|shellcommand/path' | 335 $ hg -R test-revflag push 'ssh://fakehost|touch${IFS}owned/path' |
| 331 pushing to ssh://fakehost%7Cshellcommand/path | 336 pushing to ssh://fakehost%7Ctouch%24%7BIFS%7Downed/path |
| 332 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' | 337 abort: no suitable response from remote hg! |
| 333 [255] | 338 [255] |
| 334 $ hg -R test-revflag push 'ssh://fakehost%7Cshellcommand/path' | 339 $ hg -R test-revflag push 'ssh://fakehost%7Ctouch%20owned/path' |
| 335 pushing to ssh://fakehost%7Cshellcommand/path | 340 pushing to ssh://fakehost%7Ctouch%20owned/path |
| 336 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' | 341 abort: no suitable response from remote hg! |
| 337 [255] | 342 [255] |
| 343 | |
| 344 $ [ ! -f owned ] || echo 'you got owned' |