upstream/mercurial-mirror Files · mercurial/cext

subrepo: add tests for git rogue ssh urls (SEC)...

subrepo: add tests for git rogue ssh urls (SEC) 'ssh://' has an exploit that will pass the url blindly to the ssh command, allowing a malicious person to have a subrepo with '-oProxyCommand' which could run arbitrary code on a user's machine. In addition, at least on Windows, a pipe '|' is able to execute arbitrary commands. When this happens, let's throw a big abort into the user's face so that they can inspect what's going on.

Sean Farley -


            r33731:db83a1df

stable

Name	Size	Modified	Last Commit	Author
/ mercurial / cext
__init__.py	Loading ...
base85.c	Loading ...
bdiff.c	Loading ...
diffhelpers.c	Loading ...
dirs.c	Loading ...
manifest.c	Loading ...
mpatch.c	Loading ...
osutil.c	Loading ...
parsers.c	Loading ...
pathencode.c	Loading ...
revlog.c	Loading ...
util.h	Loading ...

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages