Mercurial > hg
comparison tests/test-clone.t @ 33659:8cb9e921ef8c stable
ssh: quote parameters using shellquote (SEC)
This patch uses shellquote to quote ssh parameters more strictly to avoid
shell injection.
author | Jun Wu <quark@fb.com> |
---|---|
date | Fri, 04 Aug 2017 23:54:12 -0700 |
parents | 0bcceb58b036 |
children | 3fee7f7d2da0 |
comparison
equal
deleted
inserted
replaced
33658:db83a1df03fe | 33659:8cb9e921ef8c |
---|---|
1098 updating working directory | 1098 updating working directory |
1099 1 files updated, 0 files merged, 0 files removed, 0 files unresolved | 1099 1 files updated, 0 files merged, 0 files removed, 0 files unresolved |
1100 | 1100 |
1101 SEC: check for unsafe ssh url | 1101 SEC: check for unsafe ssh url |
1102 | 1102 |
1103 $ cat >> $HGRCPATH << EOF | |
1104 > [ui] | |
1105 > ssh = sh -c "read l; read l; read l" | |
1106 > EOF | |
1107 | |
1103 $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' | 1108 $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' |
1104 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 1109 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
1105 [255] | 1110 [255] |
1106 $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path' | 1111 $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path' |
1107 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | 1112 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
1114 [255] | 1119 [255] |
1115 | 1120 |
1116 $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' | 1121 $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' |
1117 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' | 1122 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' |
1118 [255] | 1123 [255] |
1124 | |
1125 #if windows | |
1126 $ hg clone "ssh://%26touch%20owned%20/" --debug | |
1127 running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio" | |
1128 sending hello command | |
1129 sending between command | |
1130 abort: no suitable response from remote hg! | |
1131 [255] | |
1132 $ hg clone "ssh://example.com:%26touch%20owned%20/" --debug | |
1133 running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio" | |
1134 sending hello command | |
1135 sending between command | |
1136 abort: no suitable response from remote hg! | |
1137 [255] | |
1138 #else | |
1139 $ hg clone "ssh://%3btouch%20owned%20/" --debug | |
1140 running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio' | |
1141 sending hello command | |
1142 sending between command | |
1143 abort: no suitable response from remote hg! | |
1144 [255] | |
1145 $ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug | |
1146 running sh -c "read l; read l; read l" -p ';touch owned ' example.com 'hg -R . serve --stdio' | |
1147 sending hello command | |
1148 sending between command | |
1149 abort: no suitable response from remote hg! | |
1150 [255] | |
1151 #endif | |
1152 | |
1153 $ hg clone "ssh://v-alid.example.com/" --debug | |
1154 running sh -c "read l; read l; read l" v-alid\.example\.com ['"]hg -R \. serve --stdio['"] (re) | |
1155 sending hello command | |
1156 sending between command | |
1157 abort: no suitable response from remote hg! | |
1158 [255] | |
1159 | |
1119 We should not have created a file named owned - if it exists, the | 1160 We should not have created a file named owned - if it exists, the |
1120 attack succeeded. | 1161 attack succeeded. |
1121 $ if test -f owned; then echo 'you got owned'; fi | 1162 $ if test -f owned; then echo 'you got owned'; fi |