##// END OF EJS Templates
subrepo: add tests for git rogue ssh urls (SEC)...
Sean Farley -
r33714:ca398a50 stable
parent child Browse files
Show More
@@ -1543,6 +1543,9 b' class gitsubrepo(abstractsubrepo):'
1543
1543
1544 def _fetch(self, source, revision):
1544 def _fetch(self, source, revision):
1545 if self._gitmissing():
1545 if self._gitmissing():
1546 # SEC: check for safe ssh url
1547 util.checksafessh(source)
1548
1546 source = self._abssource(source)
1549 source = self._abssource(source)
1547 self.ui.status(_('cloning subrepo %s from %s\n') %
1550 self.ui.status(_('cloning subrepo %s from %s\n') %
1548 (self._relpath, source))
1551 (self._relpath, source))
@@ -1173,3 +1173,58 b' whitelisting of ext should be respected '
1173 [255]
1173 [255]
1174 $ f -Dq pwned.txt
1174 $ f -Dq pwned.txt
1175 pwned: you asked for it
1175 pwned: you asked for it
1176
1177 test for ssh exploit with git subrepos 2017-07-25
1178
1179 $ hg init malicious-proxycommand
1180 $ cd malicious-proxycommand
1181 $ echo 's = [git]ssh://-oProxyCommand=rm${IFS}non-existent/path' > .hgsub
1182 $ git init s
1183 Initialized empty Git repository in $TESTTMP/tc/malicious-proxycommand/s/.git/
1184 $ cd s
1185 $ git commit --allow-empty -m 'empty'
1186 [master (root-commit) 153f934] empty
1187 $ cd ..
1188 $ hg add .hgsub
1189 $ hg ci -m 'add subrepo'
1190 $ cd ..
1191 $ hg clone malicious-proxycommand malicious-proxycommand-clone
1192 updating to branch default
1193 abort: potentially unsafe url: 'ssh://-oProxyCommand=rm${IFS}non-existent/path' (in subrepo s)
1194 [255]
1195
1196 also check that a percent encoded '-' (%2D) doesn't work
1197
1198 $ cd malicious-proxycommand
1199 $ echo 's = [git]ssh://%2DoProxyCommand=rm${IFS}non-existent/path' > .hgsub
1200 $ hg ci -m 'change url to percent encoded'
1201 $ cd ..
1202 $ rm -r malicious-proxycommand-clone
1203 $ hg clone malicious-proxycommand malicious-proxycommand-clone
1204 updating to branch default
1205 abort: potentially unsafe url: 'ssh://-oProxyCommand=rm${IFS}non-existent/path' (in subrepo s)
1206 [255]
1207
1208 also check for a pipe
1209
1210 $ cd malicious-proxycommand
1211 $ echo 's = [git]ssh://fakehost|shell/path' > .hgsub
1212 $ hg ci -m 'change url to pipe'
1213 $ cd ..
1214 $ rm -r malicious-proxycommand-clone
1215 $ hg clone malicious-proxycommand malicious-proxycommand-clone
1216 updating to branch default
1217 abort: potentially unsafe url: 'ssh://fakehost|shell/path' (in subrepo s)
1218 [255]
1219
1220 also check that a percent encoded '|' (%7C) doesn't work
1221
1222 $ cd malicious-proxycommand
1223 $ echo 's = [git]ssh://fakehost%7Cshell/path' > .hgsub
1224 $ hg ci -m 'change url to percent encoded'
1225 $ cd ..
1226 $ rm -r malicious-proxycommand-clone
1227 $ hg clone malicious-proxycommand malicious-proxycommand-clone
1228 updating to branch default
1229 abort: potentially unsafe url: 'ssh://fakehost|shell/path' (in subrepo s)
1230 [255]
General Comments 0
You need to be logged in to leave comments. Login now