diff tests/test-pull.t @ 1043:9b09dd0a6308

ssh: expand test coverage for ssh vulnerability
author Kevin Bullock <kbullock@ringworld.org>
date Wed, 09 Aug 2017 21:34:15 -0400
parents 1a1d90e38651
children c35751c248c3
--- a/tests/test-pull.t	Fri Aug 04 14:34:57 2017 -0700
+++ b/tests/test-pull.t	Wed Aug 09 21:34:15 2017 -0400
@@ -349,3 +349,20 @@
   date:        Mon Jan 01 00:00:12 2007 +0000
   summary:     add delta
   
+
+test for ssh vulnerability
+
+  $ hg init a
+  $ cd a
+  $ hg pull 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from'
+  abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
+  [1]
+  $ hg pull 'git+ssh://-oProxyCommand=rm%20nonexistent/path' | grep -v 'destination\|pulling from'
+  abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent'
+  [1]
+  $ hg pull 'git+ssh://fakehost|shellcommand/path' | grep -v 'destination\|pulling from'
+  abort: potentially unsafe hostname: 'fakehost|shellcommand'
+  [1]
+  $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'destination\|pulling from'
+  abort: potentially unsafe hostname: 'fakehost|shellcommand'
+  [1]
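Review bot: The `[1]` recorded after each of the four `hg pull '…' | grep -v 'destination\|pulling from'` commands is the pipeline's exit status, which is `grep`'s and not `hg`'s. These cases therefore pin the `abort: potentially unsafe hostname` text but not that the pull itself exited non-zero. The abort line presumably reaches the expected output via stderr rather than through the pipe, so `grep -v` most likely returns 1 only because nothing is left after filtering. Please document this with an unindented comment line under the heading, for example `the [1] below is grep's status; the abort message is what shows the hostname was rejected before ssh was started`. A stricter variant would drop the pipe so the status recorded is `hg`'s own.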