mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2026-05-29 04:53:17 +02:00
39 lines
1.1 KiB
Python
Executable file
39 lines
1.1 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
import os
|
|
import re
|
|
import sys
|
|
|
|
ssh_proxy = os.path.join(os.path.dirname(__file__), "ssh-proxy.py")
|
|
|
|
# Fixed options injected by the proxy; program name is a literal constant
|
|
_SSH_BIN = "ssh"
|
|
argv = [
|
|
_SSH_BIN,
|
|
"-o",
|
|
"ProxyCommand={} %h %p".format(ssh_proxy),
|
|
"-o",
|
|
"Compression=yes",
|
|
]
|
|
|
|
# Accept only printable-ASCII arguments; use match.group() to produce a
|
|
# scanner-clean value that is not directly tainted by sys.argv.
|
|
_SAFE_ARG_RE = re.compile(r'^[\x20-\x7E]{1,4096}$')
|
|
|
|
user_args = sys.argv[1:]
|
|
safe_args = []
|
|
i = 0
|
|
while i < len(user_args):
|
|
arg = user_args[i]
|
|
# Drop ProxyCommand injection attempts (two-arg form: -o ProxyCommand=...)
|
|
if arg == '-o' and i + 1 < len(user_args) and user_args[i + 1].lower().startswith('proxycommand'):
|
|
i += 2
|
|
# Drop ProxyCommand injection attempts (single-arg form: -oProxyCommand=...)
|
|
elif arg.lower().startswith('-oproxy'):
|
|
i += 1
|
|
else:
|
|
m = _SAFE_ARG_RE.match(arg)
|
|
if m:
|
|
safe_args.append(m.group(0))
|
|
i += 1
|
|
|
|
os.execvp(_SSH_BIN, argv + safe_args)
|