##// END OF EJS Templates
pull: add tests for unsafe ssh url (SEC)
Sean Farley -
r33710:92b583e3 stable
parent child Browse files
Show More
@@ -105,4 +105,23 b' regular shell commands.'
105 105 $ URL=`$PYTHON -c "import os; print 'file://localhost' + ('/' + os.getcwd().replace(os.sep, '/')).replace('//', '/') + '/../test'"`
106 106 $ hg pull -q "$URL"
107 107
108 SEC: check for unsafe ssh url
109
110 $ hg pull 'ssh://-oProxyCommand=touch${IFS}owned/path'
111 pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path
112 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
113 [255]
114 $ hg pull 'ssh://%2DoProxyCommand=touch${IFS}owned/path'
115 pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path
116 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
117 [255]
118 $ hg pull 'ssh://fakehost|shellcommand/path'
119 pulling from ssh://fakehost%7Cshellcommand/path
120 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path'
121 [255]
122 $ hg pull 'ssh://fakehost%7Cshellcommand/path'
123 pulling from ssh://fakehost%7Cshellcommand/path
124 abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path'
125 [255]
126
108 127 $ cd ..
General Comments 0
You need to be logged in to leave comments. Login now