mirror of
https://we.phorge.it/source/arcanist.git
synced 2024-11-25 16:22:42 +01:00
ArcanistChmodLinter
should not allow certain MIME types to be executable
Summary: Fixes T5466. An image is an example of a binary which should //not// be executable. Modify the `ArcanistChmodLinter` to disallow certain blacklisted MIME types from being executable. Test Plan: Created an executable image file and ran `arc lint` over this file. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: richardvanvelzen, epriestley, Korvin Maniphest Tasks: T5466 Differential Revision: https://secure.phabricator.com/D9723
This commit is contained in:
parent
439dff5e09
commit
5ab288b30c
1 changed files with 53 additions and 0 deletions
|
@ -46,6 +46,59 @@ final class ArcanistChmodLinter extends ArcanistLinter {
|
|||
public function lintPath($path) {
|
||||
if (is_executable($path)) {
|
||||
if ($this->getEngine()->isBinaryFile($path)) {
|
||||
$mime = Filesystem::getMimeType($path);
|
||||
|
||||
switch ($mime) {
|
||||
// Archives
|
||||
case 'application/jar':
|
||||
case 'application/java-archive':
|
||||
case 'application/x-bzip2':
|
||||
case 'application/x-gzip':
|
||||
case 'application/x-rar-compressed':
|
||||
case 'application/x-tar':
|
||||
case 'application/zip':
|
||||
|
||||
// Audio
|
||||
case 'audio/midi':
|
||||
case 'audio/mpeg':
|
||||
case 'audio/mp4':
|
||||
case 'audio/x-wav':
|
||||
|
||||
// Fonts
|
||||
case 'application/vnd.ms-fontobject':
|
||||
case 'application/x-font-ttf':
|
||||
case 'application/x-woff':
|
||||
|
||||
// Images
|
||||
case 'application/x-shockwave-flash':
|
||||
case 'image/gif':
|
||||
case 'image/jpeg':
|
||||
case 'image/png':
|
||||
case 'image/tiff':
|
||||
case 'image/x-icon':
|
||||
case 'image/x-ms-bmp':
|
||||
|
||||
// Miscellaneous
|
||||
case 'application/msword':
|
||||
case 'application/pdf':
|
||||
case 'application/postscript':
|
||||
case 'application/rtf':
|
||||
case 'application/vnd.ms-excel':
|
||||
case 'application/vnd.ms-powerpoint':
|
||||
|
||||
// Video
|
||||
case 'video/mpeg':
|
||||
case 'video/quicktime':
|
||||
case 'video/x-flv':
|
||||
case 'video/x-msvideo':
|
||||
case 'video/x-ms-wmv':
|
||||
|
||||
$this->raiseLintAtPath(
|
||||
self::LINT_INVALID_EXECUTABLE,
|
||||
pht("'%s' files should not be executable.", $mime));
|
||||
return;
|
||||
}
|
||||
|
||||
// Path is a binary file, which makes it a valid executable.
|
||||
return;
|
||||
} else if ($this->getShebang($path)) {
|
||||
|
|
Loading…
Reference in a new issue