Mercurial > hg

diff mercurial/subrepo.py @ 33641:173ecccb9ee7 stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
subrepo: add tests for svn rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
author Sean Farley <sean@farley.io>
date Mon, 31 Jul 2017 16:44:17 -0700
parents 2406dbba49bd
children ca398a50ca00
line wrap: on
line diff
--- a/mercurial/subrepo.py	Mon Jul 31 16:04:44 2017 -0700
+++ b/mercurial/subrepo.py	Mon Jul 31 16:44:17 2017 -0700
@@ -1274,6 +1274,10 @@
         # The revision must be specified at the end of the URL to properly
         # update to a directory which has since been deleted and recreated.
         args.append('%s@%s' % (state[0], state[1]))
+
+        # SEC: check that the ssh url is safe
+        util.checksafessh(state[0])
+
         status, err = self._svncommand(args, failok=True)
         _sanitize(self.ui, self.wvfs, '.svn')
         if not re.search('Checked out revision [0-9]+.', status):