view contrib/undumprevlog @ 33658:db83a1df03fe stable

subrepo: add tests for git rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
author Sean Farley <sean@farley.io>
date Mon, 31 Jul 2017 14:55:11 -0700
parents 8d3e8c8c9049
children 5d9890d8ca77

#!/usr/bin/env python
# Undump a dump from dumprevlog
# $ hg init
# $ undumprevlog < repo.dump

from __future__ import absolute_import

import os
import sys
from mercurial import (
    node,
    revlog,
    transaction,
    util,
    vfs as vfsmod,
)

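# Rebuild revlog files in the current directory from a dumprevlog stream on
# stdin. The stream is line-oriented; each record starts with a keyword
# ("file:", "node:", "linkrev:", "parents:", "length:") followed by a space
# and the value, and a "length:" line is followed by a start-marker line, the
# raw revision text and an end-marker line.

# Revision payloads are raw bytes, so all three standard streams are switched
# to binary mode before anything is read or written.
for fp in (sys.stdin, sys.stdout, sys.stderr):
    util.setbinary(fp)

# NOTE(security): the second positional argument switches off the vfs path
# auditor, so the opener itself does not vet the "file:" names taken from the
# dump. (Presumably auditing is off because dumps name files below .hg/, which
# the auditor would refuse -- confirm.) A dump is untrusted input: the
# containment check in the loop below keeps a crafted "file:" line (absolute
# path, ".." components, or a symlinked directory) from creating or appending
# to revlog files outside the directory the script was started in.
opener = vfsmod.vfs('.', False)
root = os.path.normcase(os.path.realpath('.'))
rootprefix = root.rstrip(os.sep) + os.sep

tr = transaction.transaction(sys.stderr.write, opener, {'store': opener},
                             "undump.journal")
try:
    # Per-record state. Everything starts unset so that a malformed dump is
    # reported instead of failing with a NameError or reusing stale values.
    r = n = lr = p1 = p2 = None
    while True:
        l = sys.stdin.readline()
        if not l:
            break
        if l.startswith("file:"):
            f = l[6:-1]
            target = os.path.normcase(
                os.path.realpath(os.path.join(root, f)))
            if not target.startswith(rootprefix):
                sys.exit("undumprevlog: refusing path outside the current "
                         "directory: %r" % f)
            r = revlog.revlog(opener, f)
            n = lr = p1 = p2 = None
            sys.stdout.write(f + "\n")
        elif l.startswith("node:"):
            # NOTE(review): n is parsed (which validates the hex) but never
            # passed on or compared; presumably addrevision derives the node
            # from the text and parents itself -- confirm, and consider
            # comparing the two as an integrity check on the dump.
            n = node.bin(l[6:-1])
        elif l.startswith("linkrev:"):
            lr = int(l[9:-1])
        elif l.startswith("parents:"):
            p = l[9:-1].split()
            p1 = node.bin(p[0])
            p2 = node.bin(p[1])
        elif l.startswith("length:"):
            length = int(l[8:-1])
            if length < 0:
                # read() with a negative size would swallow the rest of stdin.
                sys.exit("undumprevlog: negative length in dump")
            if r is None or lr is None or p1 is None or p2 is None:
                sys.exit("undumprevlog: 'length:' record without preceding "
                         "file/linkrev/parents lines")
            sys.stdin.readline() # start marker
            d = sys.stdin.read(length)
            if len(d) != length:
                sys.exit("undumprevlog: truncated dump (short revision text)")
            sys.stdin.readline() # end marker
            r.addrevision(d, tr, lr, p1, p2)
            # Each revision must carry its own metadata; never let the values
            # of the previous record leak into the next one.
            n = lr = p1 = p2 = None
    tr.close()
finally:
    # Usual Mercurial close/release pairing: release() does nothing once the
    # transaction has been closed and rolls it back if an error (including the
    # sys.exit calls above) left it open.
    tr.release()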