Mercurial > hg
comparison mercurial/sshpeer.py @ 33652:d7a1c4c1181d stable
sshpeer: check for safe ssh url (SEC)
Checking in the sshpeer for a rogue ssh:// urls seems like the right
place to do it (instead of whack-a-mole with pull, clone, push, etc).
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Tue, 01 Aug 2017 14:40:19 -0700 |
| parents | 0407a51b9d8c |
| children | 8cb9e921ef8c |
comparison
equal
deleted
inserted
replaced
| 33651:739cc0f9cbb4 | 33652:d7a1c4c1181d |
|---|---|
| 136 self.pipeo = self.pipei = self.pipee = None | 136 self.pipeo = self.pipei = self.pipee = None |
| 137 | 137 |
| 138 u = util.url(path, parsequery=False, parsefragment=False) | 138 u = util.url(path, parsequery=False, parsefragment=False) |
| 139 if u.scheme != 'ssh' or not u.host or u.path is None: | 139 if u.scheme != 'ssh' or not u.host or u.path is None: |
| 140 self._abort(error.RepoError(_("couldn't parse location %s") % path)) | 140 self._abort(error.RepoError(_("couldn't parse location %s") % path)) |
| 141 | |
| 142 util.checksafessh(path) | |
| 141 | 143 |
| 142 self.user = u.user | 144 self.user = u.user |
| 143 if u.passwd is not None: | 145 if u.passwd is not None: |
| 144 self._abort(error.RepoError(_("password in URL not supported"))) | 146 self._abort(error.RepoError(_("password in URL not supported"))) |
| 145 self.host = u.host | 147 self.host = u.host |