util: add utility method to check for bad ssh urls (SEC)

Our use of SSH has an exploit that will parse the first part of an url blindly as a hostname. Prior to this set of security patches, a url with '-oProxyCommand' could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' can be abused to execute arbitrary commands in a similar fashion.

We defend against this by checking ssh:// URLs and looking for a hostname that starts with a - or contains a |. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.
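As an added illustration of the check this commit message describes (code written for this page, not Mercurial's own util module; the URL pattern and the function names are assumptions): it pulls the user and host out of an ssh:// URL, percent-decodes first so the check sees what ssh would see, and rejects a leading '-' or an embedded '|'. It goes slightly beyond the message by also checking the user part, since ssh receives user@host as a single argument.

```python
import re
from urllib.parse import unquote


class UnsafeSshUrl(Exception):
    """Raised when an ssh:// URL could be misread by the ssh client
    as a command-line option or reach a shell pipeline."""


# authority = optional user@, host, optional :port; the repo path starts
# at the first '/'. Hypothetical pattern written for this example.
_SSH_URL = re.compile(
    r'^ssh://(?:(?P<user>[^@/]*)@)?(?P<host>[^:/]*)'
    r'(?::(?P<port>[^/]*))?(?P<path>/.*)?$')


def ssh_authority(url):
    """Return (user, host) for an ssh:// URL, or None when it is not ssh://.
    The URL is percent-decoded first; assumption: the caller decodes
    before handing the string to ssh, so '%2D' must count as '-'."""
    m = _SSH_URL.match(unquote(url))
    if not m:
        return None
    return (m.group('user') or '', m.group('host'))


def is_unsafe_ssh_url(url):
    """True when user or host starts with '-' or contains '|'."""
    auth = ssh_authority(url)
    if auth is None:
        return False          # not an ssh:// URL: nothing to check here
    # ssh treats a leading '-' in its first positional argument as an
    # option (the '-oProxyCommand' case above); '|' can reach a shell
    # on Windows, so both are refused outright.
    return any(part.startswith('-') or '|' in part for part in auth)


def check_ssh_url(url):
    """Abort with UnsafeSshUrl on a suspicious URL, else return it unchanged."""
    if is_unsafe_ssh_url(url):
        raise UnsafeSshUrl('potentially unsafe ssh url: %r' % (url,))
    return url


if __name__ == '__main__':
    # constructed sample URLs, not taken from any real repository
    for u in ('ssh://example.org/repo', 'ssh://-oProxyCommand=x/repo',
              'ssh://host|cmd/repo', 'ssh://%2Dbad@example.org/repo'):
        print(u, '->', 'UNSAFE' if is_unsafe_ssh_url(u) else 'ok')
```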

File last commit:

r31050:20653270 default
r33723:0b3fe391 stable
txnutil.py
# txnutil.py - transaction related utilities
#
# Copyright FUJIWARA Katsunori <foozy@lares.dti.ne.jp> and others
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2 or any later version.

from __future__ import absolute_import

import errno

from . import (
    encoding,
)

def mayhavepending(root):
    '''return whether 'root' may have pending changes, which are
    visible to this process.
    '''
    return root == encoding.environ.get('HG_PENDING')

def trypending(root, vfs, filename, **kwargs):
    '''Open file to be read according to HG_PENDING environment variable

    This opens '.pending' of specified 'filename' only when HG_PENDING
    is equal to 'root'.

    This returns '(fp, is_pending_opened)' tuple.
    '''
    if mayhavepending(root):
        try:
            return (vfs('%s.pending' % filename, **kwargs), True)
        except IOError as inst:
            if inst.errno != errno.ENOENT:
                raise
    return (vfs(filename, **kwargs), False)