# HG changeset patch
# User Sean Farley
# Date 2017-08-01 21:40:19
# Node ID f93975a5ebe8e0e96c8c1220ee6cb2a0e49cc9b9
# Parent e10745311406a9c6d2938583028ee2aaf74dd2bd
sshpeer: check for safe ssh url (SEC)

Checking in the sshpeer for a rogue ssh:// urls seems like the right place to do it (instead of whack-a-mole with pull, clone, push, etc).

diff --git a/mercurial/sshpeer.py b/mercurial/sshpeer.py
--- a/mercurial/sshpeer.py
+++ b/mercurial/sshpeer.py
@@ -138,6 +138,8 @@ class sshpeer(wireproto.wirepeer):
 if u.scheme != 'ssh' or not u.host or u.path is None:
 self._abort(error.RepoError(_("couldn't parse location %s") % path))
 
+ util.checksafessh(path)
+
 self.user = u.user
 if u.passwd is not None:
 self._abort(error.RepoError(_("password in URL not supported")))
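Review bot: `util.checksafessh(path)` validates the raw URL string, while the code around it works from the parsed `u` (`u.host` in the condition just above, `u.user` and `u.passwd` just below), so the check only holds if the helper decodes and splits the URL the same way as the parse that produced `u`. Validating the parsed fields that actually reach the ssh command line would remove that dependency; if the helper cannot take `u`, the call should at least carry a comment stating the assumption, e.g. `# must run before any ssh command is built; checks the raw URL, not the parsed u`. The call's result is ignored, so it has to raise to have any effect, and unlike the neighbouring checks it does not go through `self._abort(...)`; it is worth confirming that bypassing `_abort` here is intended. The method body starts and ends outside the hunk, so how `u` is built and where the ssh command is assembled are not visible here.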