Mercurial Mercurial > hg / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sshpeer: check for safe ssh url (SEC) stable
authorSean Farley <sean@farley.io>
Tue, 01 Aug 2017 14:40:19 -0700
branchstable
changeset 33636 f93975a5ebe8
parent 33635 e10745311406
child 33637 f9134e96ed0f
sshpeer: check for safe ssh url (SEC) Checking in the sshpeer for a rogue ssh:// urls seems like the right place to do it (instead of whack-a-mole with pull, clone, push, etc).
mercurial/sshpeer.py file | annotate | diff | comparison | revisions 
--- a/mercurial/sshpeer.py	Fri Aug 04 14:00:03 2017 -0400
+++ b/mercurial/sshpeer.py	Tue Aug 01 14:40:19 2017 -0700
@@ -138,6 +138,8 @@
         if u.scheme != 'ssh' or not u.host or u.path is None:
             self._abort(error.RepoError(_("couldn't parse location %s") % path))
 
+        util.checksafessh(path)
+
         self.user = u.user
         if u.passwd is not None:
             self._abort(error.RepoError(_("password in URL not supported")))
Mercurial