1{- ssh hostname sanitization 2 - 3 - When constructing a ssh command with a hostname that may be controlled 4 - by an attacker, prevent the hostname from starting with "-", 5 - to prevent tricking ssh into arbitrary command execution via 6 - eg "-oProxyCommand=" 7 - 8 - Copyright 2017 Joey Hess <id@joeyh.name> 9 - 10 - License: BSD-2-clause 11 -} 12 13module Utility.SshHost (SshHost, mkSshHost, fromSshHost) where 14 15newtype SshHost = SshHost String 16 17-- | Smart constructor for a legal hostname or IP address. 18-- In some cases, it may be prefixed with "user@" to specify the remote 19-- user at the host. 20-- 21-- For now, we only filter out the problem ones, because determining an 22-- actually legal hostnames is quite complicated. 23mkSshHost :: String -> Either String SshHost 24mkSshHost h@('-':_) = Left $ 25 "rejecting ssh hostname that starts with '-' : " ++ h 26mkSshHost h = Right (SshHost h) 27 28fromSshHost :: SshHost -> String 29fromSshHost (SshHost h) = h 30