# HG changeset patch
# User Sean Farley
# Date 2017-08-01 21:40:19
# Node ID d7a1c4c1181de446695123515b8bc0647a1b8fe3
# Parent 739cc0f9cbb4f39d47ab6c6b80db81fc46f61d8d
sshpeer: check for safe ssh url (SEC)

Checking in the sshpeer for a rogue ssh:// urls seems like the right place to do it (instead of whack-a-mole with pull, clone, push, etc).

diff --git a/mercurial/sshpeer.py b/mercurial/sshpeer.py
--- a/mercurial/sshpeer.py
+++ b/mercurial/sshpeer.py
@@ -139,6 +139,8 @@ class sshpeer(wireproto.wirepeer):
 if u.scheme != 'ssh' or not u.host or u.path is None:
 self._abort(error.RepoError(_("couldn't parse location %s") % path))
 
+ util.checksafessh(path)
+
 self.user = u.user
 if u.passwd is not None:
 self._abort(error.RepoError(_("password in URL not supported")))
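Review bot: `util.checksafessh(path)` validates the raw `path` string, while the code after it works from the parsed `u` (`self.user = u.user` here, and presumably the host beyond the hunk), so the check and the values actually used can disagree if the helper and `util.url` normalise the URL differently, percent-encoding being one example. The helper's body is not part of this hunk, so that needs confirming there; if it only inspects the string form, consider also validating the parsed fields that are handed on to the ssh command. The neighbouring checks report through `self._abort(error.RepoError(...))`, whereas this call presumably raises on its own, which is worth a deliberate decision. A one-line comment would help the next reader, for example `# refuse ssh:// URLs that are unsafe to hand to the ssh client; checked here so pull, clone and push are all covered`, together with a regression test for a rejected URL. The enclosing method starts and ends outside the hunk.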