Mercurial > hg
comparison mercurial/windows.py @ 33635:e10745311406 stable
ssh: ban any username@host or host that starts with - (SEC)
This paranoia probably isn't required, but it can't hurt either.
author | Augie Fackler <augie@google.com> |
---|---|
date | Fri, 04 Aug 2017 14:00:03 -0400 |
parents | 87f293edabb6 |
children | 00a75672a9cb |
comparison
equal
deleted
inserted
replaced
33634:53224b1ffbc2 | 33635:e10745311406 |
---|---|
15 import sys | 15 import sys |
16 | 16 |
17 from .i18n import _ | 17 from .i18n import _ |
18 from . import ( | 18 from . import ( |
19 encoding, | 19 encoding, |
20 error, | |
20 osutil, | 21 osutil, |
21 pycompat, | 22 pycompat, |
22 win32, | 23 win32, |
23 ) | 24 ) |
24 | 25 |
197 | 198 |
198 def sshargs(sshcmd, host, user, port): | 199 def sshargs(sshcmd, host, user, port): |
199 '''Build argument list for ssh or Plink''' | 200 '''Build argument list for ssh or Plink''' |
200 pflag = 'plink' in sshcmd.lower() and '-P' or '-p' | 201 pflag = 'plink' in sshcmd.lower() and '-P' or '-p' |
201 args = user and ("%s@%s" % (user, host)) or host | 202 args = user and ("%s@%s" % (user, host)) or host |
203 if args.startswith('-') or args.startswith('/'): | |
204 raise error.Abort( | |
205 _('illegal ssh hostname or username starting with - or /: %s') % | |
206 args) | |
202 return port and ("%s %s %s" % (args, pflag, port)) or args | 207 return port and ("%s %s %s" % (args, pflag, port)) or args |
203 | 208 |
204 def setflags(f, l, x): | 209 def setflags(f, l, x): |
205 pass | 210 pass |
206 | 211 |