changeset 1045:c35751c248c3

ssh: unban the use of pipe character in hostname The test changes demonstrate that the hostname gets URL-encoded before being passed to ssh(1).
author Kevin Bullock <kbullock@ringworld.org>
date Thu, 10 Aug 2017 14:19:04 -0400
parents 9b09dd0a6308
children c560ed4d5a55
files hggit/util.py tests/test-git-clone.t tests/test-pull.t tests/test-push.t
diffstat 4 files changed, 46 insertions(+), 32 deletions(-) [+]
line wrap: on
line diff
--- a/hggit/util.py
+++ b/hggit/util.py
@@ -135,6 +135,6 @@
     Raises an error.Abort when the url is unsafe.
     """
     host = urllib.unquote(host)
-    if host.startswith('-') or '|' in host:
+    if host.startswith('-'):
         raise error.Abort(_('potentially unsafe hostname: %r') %
                           (host,))
--- a/tests/test-git-clone.t
+++ b/tests/test-git-clone.t
@@ -39,15 +39,20 @@
 
 test for ssh vulnerability
 
-  $ hg clone 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from'
-  abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
-  [1]
-  $ hg clone 'git+ssh://%2DoProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from'
+  $ cat >> $HGRCPATH << EOF
+  > [ui]
+  > ssh = ssh -o ConnectTimeout=1
+  > EOF
+
+  $ hg clone 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null
   abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
-  [1]
-  $ hg clone 'git+ssh://fakehost|shellcommand/path' | grep -v 'destination\|pulling from'
-  abort: potentially unsafe hostname: 'fakehost|shellcommand'
-  [1]
-  $ hg clone 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'destination\|pulling from'
-  abort: potentially unsafe hostname: 'fakehost|shellcommand'
-  [1]
+  [255]
+  $ hg clone 'git+ssh://%2DoProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null
+  abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
+  [255]
+  $ hg clone 'git+ssh://fakehost|rm${IFS}nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn:
+  ssh: connect to host fakehost%7crm%24%7bifs%7dnonexistent port 22: * (glob)
+  abort: git remote error: The remote server unexpectedly closed the connection.
+  $ hg clone 'git+ssh://fakehost%7Crm${IFS}nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn:
+  ssh: connect to host fakehost%7crm%24%7bifs%7dnonexistent port 22: * (glob)
+  abort: git remote error: The remote server unexpectedly closed the connection.
--- a/tests/test-pull.t
+++ b/tests/test-pull.t
@@ -352,17 +352,22 @@
 
 test for ssh vulnerability
 
+  $ cat >> $HGRCPATH << EOF
+  > [ui]
+  > ssh = ssh -o ConnectTimeout=1
+  > EOF
+
   $ hg init a
   $ cd a
-  $ hg pull 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'destination\|pulling from'
+  $ hg pull 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null
   abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
-  [1]
-  $ hg pull 'git+ssh://-oProxyCommand=rm%20nonexistent/path' | grep -v 'destination\|pulling from'
+  [255]
+  $ hg pull 'git+ssh://-oProxyCommand=rm%20nonexistent/path' 2>&1 >/dev/null
   abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent'
-  [1]
-  $ hg pull 'git+ssh://fakehost|shellcommand/path' | grep -v 'destination\|pulling from'
-  abort: potentially unsafe hostname: 'fakehost|shellcommand'
-  [1]
-  $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'destination\|pulling from'
-  abort: potentially unsafe hostname: 'fakehost|shellcommand'
-  [1]
+  [255]
+  $ hg pull 'git+ssh://fakehost|shellcommand/path' 2>&1 >/dev/null | grep -v ^devel-warn:
+  ssh: connect to host fakehost%7cshellcommand port 22: * (glob)
+  abort: git remote error: The remote server unexpectedly closed the connection.
+  $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' 2>&1 >/dev/null | grep -v ^devel-warn:
+  ssh: connect to host fakehost%7cshellcommand port 22: * (glob)
+  abort: git remote error: The remote server unexpectedly closed the connection.
--- a/tests/test-push.t
+++ b/tests/test-push.t
@@ -200,15 +200,19 @@
 
 test for ssh vulnerability
 
-  $ hg push 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'pushing to'
+  $ cat >> $HGRCPATH << EOF
+  > [ui]
+  > ssh = ssh -o ConnectTimeout=1
+  > EOF
+  $ hg push 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null
   abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
-  [1]
-  $ hg push 'git+ssh://-oProxyCommand=rm%20nonexistent/path' | grep -v 'pushing to'
+  [255]
+  $ hg push 'git+ssh://-oProxyCommand=rm%20nonexistent/path' 2>&1 >/dev/null
   abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent'
-  [1]
-  $ hg push 'git+ssh://fakehost|shellcommand/path' | grep -v 'pushing to'
-  abort: potentially unsafe hostname: 'fakehost|shellcommand'
-  [1]
-  $ hg push 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'pushing to'
-  abort: potentially unsafe hostname: 'fakehost|shellcommand'
-  [1]
+  [255]
+  $ hg push 'git+ssh://fakehost|rm%20nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn:
+  ssh: connect to host fakehost%7crm%20nonexistent port 22: * (glob)
+  abort: git remote error: The remote server unexpectedly closed the connection.
+  $ hg push 'git+ssh://fakehost%7Crm%20nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn:
+  ssh: connect to host fakehost%7crm%20nonexistent port 22: * (glob)
+  abort: git remote error: The remote server unexpectedly closed the connection.