Mercurial > hg > hg-git
changeset 1044:9b09dd0a6308
ssh: expand test coverage for ssh vulnerability
author | Kevin Bullock <kbullock@ringworld.org> |
---|---|
date | Wed, 09 Aug 2017 21:34:15 -0400 |
parents | b4d2180739bb |
children | c35751c248c3 |
files | tests/test-git-clone.t tests/test-pull.t tests/test-push.t |
diffstat | 3 files changed, 37 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/tests/test-git-clone.t +++ b/tests/test-git-clone.t @@ -45,9 +45,9 @@ $ hg clone 'git+ssh://%2DoProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from' abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' [1] - - $ hg init a - $ cd a - $ hg pull 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from' - abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + $ hg clone 'git+ssh://fakehost|shellcommand/path' | grep -v 'destination\|pulling from' + abort: potentially unsafe hostname: 'fakehost|shellcommand' [1] + $ hg clone 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'destination\|pulling from' + abort: potentially unsafe hostname: 'fakehost|shellcommand' + [1]
--- a/tests/test-pull.t +++ b/tests/test-pull.t @@ -349,3 +349,20 @@ date: Mon Jan 01 00:00:12 2007 +0000 summary: add delta + +test for ssh vulnerability + + $ hg init a + $ cd a + $ hg pull 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from' + abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + [1] + $ hg pull 'git+ssh://-oProxyCommand=rm%20nonexistent/path' | grep -v 'destination\|pulling from' + abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent' + [1] + $ hg pull 'git+ssh://fakehost|shellcommand/path' | grep -v 'destination\|pulling from' + abort: potentially unsafe hostname: 'fakehost|shellcommand' + [1] + $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'destination\|pulling from' + abort: potentially unsafe hostname: 'fakehost|shellcommand' + [1]
--- a/tests/test-push.t +++ b/tests/test-push.t @@ -197,3 +197,18 @@ Only one bookmark 'master' should be created $ hg bookmarks * master 0:8aded40be5af + +test for ssh vulnerability + + $ hg push 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'pushing to' + abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + [1] + $ hg push 'git+ssh://-oProxyCommand=rm%20nonexistent/path' | grep -v 'pushing to' + abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent' + [1] + $ hg push 'git+ssh://fakehost|shellcommand/path' | grep -v 'pushing to' + abort: potentially unsafe hostname: 'fakehost|shellcommand' + [1] + $ hg push 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'pushing to' + abort: potentially unsafe hostname: 'fakehost|shellcommand' + [1]