Mercurial > hg
comparison mercurial/windows.py @ 33635:e10745311406 stable
ssh: ban any username@host or host that starts with - (SEC)
This paranoia probably isn't required, but it can't hurt either.
| author | Augie Fackler <augie@google.com> |
|---|---|
| date | Fri, 04 Aug 2017 14:00:03 -0400 |
| parents | 87f293edabb6 |
| children | 00a75672a9cb |
comparison
equal
deleted
inserted
replaced
| 33634:53224b1ffbc2 | 33635:e10745311406 |
|---|---|
| 15 import sys | 15 import sys |
| 16 | 16 |
| 17 from .i18n import _ | 17 from .i18n import _ |
| 18 from . import ( | 18 from . import ( |
| 19 encoding, | 19 encoding, |
| 20 error, | |
| 20 osutil, | 21 osutil, |
| 21 pycompat, | 22 pycompat, |
| 22 win32, | 23 win32, |
| 23 ) | 24 ) |
| 24 | 25 |
| 197 | 198 |
| 198 def sshargs(sshcmd, host, user, port): | 199 def sshargs(sshcmd, host, user, port): |
| 199 '''Build argument list for ssh or Plink''' | 200 '''Build argument list for ssh or Plink''' |
| 200 pflag = 'plink' in sshcmd.lower() and '-P' or '-p' | 201 pflag = 'plink' in sshcmd.lower() and '-P' or '-p' |
| 201 args = user and ("%s@%s" % (user, host)) or host | 202 args = user and ("%s@%s" % (user, host)) or host |
| 203 if args.startswith('-') or args.startswith('/'): | |
| 204 raise error.Abort( | |
| 205 _('illegal ssh hostname or username starting with - or /: %s') % | |
| 206 args) | |
| 202 return port and ("%s %s %s" % (args, pflag, port)) or args | 207 return port and ("%s %s %s" % (args, pflag, port)) or args |
| 203 | 208 |
| 204 def setflags(f, l, x): | 209 def setflags(f, l, x): |
| 205 pass | 210 pass |
| 206 | 211 |