Mercurial > hg
comparison tests/test-clone.t @ 33659:8cb9e921ef8c stable
ssh: quote parameters using shellquote (SEC)
This patch uses shellquote to quote ssh parameters more strictly to avoid
shell injection.
| author | Jun Wu <quark@fb.com> |
|---|---|
| date | Fri, 04 Aug 2017 23:54:12 -0700 |
| parents | 0bcceb58b036 |
| children | 3fee7f7d2da0 |
comparison
equal
deleted
inserted
replaced
| 33658:db83a1df03fe | 33659:8cb9e921ef8c |
|---|---|
| 1098 updating working directory | 1098 updating working directory |
| 1099 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | 1099 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
| 1100 | 1100 |
| 1101 SEC: check for unsafe ssh url | 1101 SEC: check for unsafe ssh url |
| 1102 | 1102 |
| 1103 $ cat >> $HGRCPATH << EOF | |
| 1104 > [ui] | |
| 1105 > ssh = sh -c "read l; read l; read l" | |
| 1106 > EOF | |
| 1107 | |
| 1103 $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' | 1108 $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' |
| 1104 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 1109 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
| 1105 [255] | 1110 [255] |
| 1106 $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path' | 1111 $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path' |
| 1107 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 1112 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
| 1114 [255] | 1119 [255] |
| 1115 | 1120 |
| 1116 $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' | 1121 $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' |
| 1117 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' | 1122 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' |
| 1118 [255] | 1123 [255] |
| 1124 | |
| 1125 #if windows | |
| 1126 $ hg clone "ssh://%26touch%20owned%20/" --debug | |
| 1127 running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio" | |
| 1128 sending hello command | |
| 1129 sending between command | |
| 1130 abort: no suitable response from remote hg! | |
| 1131 [255] | |
| 1132 $ hg clone "ssh://example.com:%26touch%20owned%20/" --debug | |
| 1133 running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio" | |
| 1134 sending hello command | |
| 1135 sending between command | |
| 1136 abort: no suitable response from remote hg! | |
| 1137 [255] | |
| 1138 #else | |
| 1139 $ hg clone "ssh://%3btouch%20owned%20/" --debug | |
| 1140 running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio' | |
| 1141 sending hello command | |
| 1142 sending between command | |
| 1143 abort: no suitable response from remote hg! | |
| 1144 [255] | |
| 1145 $ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug | |
| 1146 running sh -c "read l; read l; read l" -p ';touch owned ' example.com 'hg -R . serve --stdio' | |
| 1147 sending hello command | |
| 1148 sending between command | |
| 1149 abort: no suitable response from remote hg! | |
| 1150 [255] | |
| 1151 #endif | |
| 1152 | |
| 1153 $ hg clone "ssh://v-alid.example.com/" --debug | |
| 1154 running sh -c "read l; read l; read l" v-alid\.example\.com ['"]hg -R \. serve --stdio['"] (re) | |
| 1155 sending hello command | |
| 1156 sending between command | |
| 1157 abort: no suitable response from remote hg! | |
| 1158 [255] | |
| 1159 | |
| 1119 We should not have created a file named owned - if it exists, the | 1160 We should not have created a file named owned - if it exists, the |
| 1120 attack succeeded. | 1161 attack succeeded. |
| 1121 $ if test -f owned; then echo 'you got owned'; fi | 1162 $ if test -f owned; then echo 'you got owned'; fi |