From 5ab288b30c36bee235833aa31a8e4f9e6e25a676 Mon Sep 17 00:00:00 2001
From: Joshua Spence <josh@joshuaspence.com>
Date: Thu, 26 Jun 2014 05:30:23 +1000
Subject: [PATCH] `ArcanistChmodLinter` should not allow certain MIME types to
 be executable

Summary: Fixes T5466. An image is an example of a binary which should //not// be executable. Modify the `ArcanistChmodLinter` to disallow certain blacklisted MIME types from being executable.

Test Plan: Created an executable image file and ran `arc lint` over this file.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: richardvanvelzen, epriestley, Korvin

Maniphest Tasks: T5466

Differential Revision: https://secure.phabricator.com/D9723
---
 src/lint/linter/ArcanistChmodLinter.php | 53 +++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/src/lint/linter/ArcanistChmodLinter.php b/src/lint/linter/ArcanistChmodLinter.php
index 48ab8648..7ba4609e 100644
--- a/src/lint/linter/ArcanistChmodLinter.php
+++ b/src/lint/linter/ArcanistChmodLinter.php
@@ -46,6 +46,59 @@ final class ArcanistChmodLinter extends ArcanistLinter {
   public function lintPath($path) {
     if (is_executable($path)) {
       if ($this->getEngine()->isBinaryFile($path)) {
+        $mime = Filesystem::getMimeType($path);
+
+        switch ($mime) {
+          // Archives
+          case 'application/jar':
+          case 'application/java-archive':
+          case 'application/x-bzip2':
+          case 'application/x-gzip':
+          case 'application/x-rar-compressed':
+          case 'application/x-tar':
+          case 'application/zip':
+
+          // Audio
+          case 'audio/midi':
+          case 'audio/mpeg':
+          case 'audio/mp4':
+          case 'audio/x-wav':
+
+          // Fonts
+          case 'application/vnd.ms-fontobject':
+          case 'application/x-font-ttf':
+          case 'application/x-woff':
+
+          // Images
+          case 'application/x-shockwave-flash':
+          case 'image/gif':
+          case 'image/jpeg':
+          case 'image/png':
+          case 'image/tiff':
+          case 'image/x-icon':
+          case 'image/x-ms-bmp':
+
+          // Miscellaneous
+          case 'application/msword':
+          case 'application/pdf':
+          case 'application/postscript':
+          case 'application/rtf':
+          case 'application/vnd.ms-excel':
+          case 'application/vnd.ms-powerpoint':
+
+          // Video
+          case 'video/mpeg':
+          case 'video/quicktime':
+          case 'video/x-flv':
+          case 'video/x-msvideo':
+          case 'video/x-ms-wmv':
+
+            $this->raiseLintAtPath(
+              self::LINT_INVALID_EXECUTABLE,
+              pht("'%s' files should not be executable.", $mime));
+            return;
+        }
+
         // Path is a binary file, which makes it a valid executable.
         return;
       } else if ($this->getShebang($path)) {