diff tests/test-push.t @ 1044:9b09dd0a6308

ssh: expand test coverage for ssh vulnerability
author Kevin Bullock <kbullock@ringworld.org>
date Wed, 09 Aug 2017 21:34:15 -0400 (2017-08-10)
parents 4fa1812d1f24
children c35751c248c3
--- a/tests/test-push.t
+++ b/tests/test-push.t
@@ -197,3 +197,18 @@
 Only one bookmark 'master' should be created
   $ hg bookmarks
    * master                    0:8aded40be5af
+
+test for ssh vulnerability
+
+  $ hg push 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' | grep -v 'pushing to'
+  abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent'
+  [1]
+  $ hg push 'git+ssh://-oProxyCommand=rm%20nonexistent/path' | grep -v 'pushing to'
+  abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent'
+  [1]
+  $ hg push 'git+ssh://fakehost|shellcommand/path' | grep -v 'pushing to'
+  abort: potentially unsafe hostname: 'fakehost|shellcommand'
+  [1]
+  $ hg push 'git+ssh://fakehost%7Cshellcommand/path' | grep -v 'pushing to'
+  abort: potentially unsafe hostname: 'fakehost|shellcommand'
+  [1]
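Review bot: The `[1]` asserted after each of the four `hg push` lines is the exit status of `grep -v 'pushing to'`, not of `hg`, because the shell reports only the last command of a pipeline. grep returns 1 here simply because it filtered out every stdout line, so the test would record the same status whether or not the push aborted. The abort text is still matched (presumably it arrives on stderr and bypasses grep), but the regression check would be tighter if the refusal's own exit code were pinned. Consider dropping the pipe and matching the noisy line with a glob, e.g. `pushing to git+ssh://* (glob)`, followed by the `abort:` line and `[255]`, which is what a Mercurial abort normally returns (confirm against a local run).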