subrepo: add tests for git rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
# RelaxNG schema for "xml" log style
# Inspired by Subversion's XML log format.
start = log
node.type = xsd:string {minLength = "40" maxLength = "40"}
log = element log { logentry+ }
logentry = element logentry {
logentry.attlist,
branch*, tag*, hgparent*,
author, date,
msg, paths?, copies?, extra*
}
logentry.attlist =
attribute revision {xsd:nonNegativeInteger}
& attribute node {node.type}
branch = element branch { text }
tag = element tag { text }
hgparent = element parent {hgparent.attlist, text}
hgparent.attlist =
attribute revision {xsd:integer {minInclusive = "-1"} }
& attribute node {node.type}
author = element author { author.attlist, text }
author.attlist =
attribute email {text}
date = element date {xsd:dateTime}
msg = element msg {msg.attlist, text}
msg.attlist =
attribute xml:space {"preserve"}
paths = element paths { path* }
path = element path { path.attlist, text }
path.attlist =
# Action: (A)dd, (M)odify, (R)emove
attribute action {"A"|"M"|"R"}
copies = element copies { copy+ }
copy = element copy { copy.attlist, text }
copy.attlist =
attribute source {text}
extra = element extra {extra.attlist, text}
extra.attlist =
attribute key {text}