1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-12-22 05:20:55 +01:00

ArcanistChmodLinter should not allow certain MIME types to be executable

Summary: Fixes T5466. An image is an example of a binary which should //not// be executable. Modify the `ArcanistChmodLinter` to disallow certain blacklisted MIME types from being executable.

Test Plan: Created an executable image file and ran `arc lint` over this file.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: richardvanvelzen, epriestley, Korvin

Maniphest Tasks: T5466

Differential Revision: https://secure.phabricator.com/D9723
This commit is contained in:
Joshua Spence 2014-06-26 05:30:23 +10:00
parent 439dff5e09
commit 5ab288b30c

View file

@ -46,6 +46,59 @@ final class ArcanistChmodLinter extends ArcanistLinter {
public function lintPath($path) {
if (is_executable($path)) {
if ($this->getEngine()->isBinaryFile($path)) {
$mime = Filesystem::getMimeType($path);
switch ($mime) {
// Archives
case 'application/jar':
case 'application/java-archive':
case 'application/x-bzip2':
case 'application/x-gzip':
case 'application/x-rar-compressed':
case 'application/x-tar':
case 'application/zip':
// Audio
case 'audio/midi':
case 'audio/mpeg':
case 'audio/mp4':
case 'audio/x-wav':
// Fonts
case 'application/vnd.ms-fontobject':
case 'application/x-font-ttf':
case 'application/x-woff':
// Images
case 'application/x-shockwave-flash':
case 'image/gif':
case 'image/jpeg':
case 'image/png':
case 'image/tiff':
case 'image/x-icon':
case 'image/x-ms-bmp':
// Miscellaneous
case 'application/msword':
case 'application/pdf':
case 'application/postscript':
case 'application/rtf':
case 'application/vnd.ms-excel':
case 'application/vnd.ms-powerpoint':
// Video
case 'video/mpeg':
case 'video/quicktime':
case 'video/x-flv':
case 'video/x-msvideo':
case 'video/x-ms-wmv':
$this->raiseLintAtPath(
self::LINT_INVALID_EXECUTABLE,
pht("'%s' files should not be executable.", $mime));
return;
}
// Path is a binary file, which makes it a valid executable.
return;
} else if ($this->getShebang($path)) {