ArcanistChmodLinter should not allow certain MIME types to be executable

Summary: Fixes T5466. An image is an example of a binary which should //not// be executable. Modify the `ArcanistChmodLinter` to disallow certain blacklisted MIME types from being executable. Test Plan: Created an executable image file and ran `arc lint` over this file. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: richardvanvelzen, epriestley, Korvin Maniphest Tasks: T5466 Differential Revision: https://secure.phabricator.com/D9723
2024-11-22 06:42:41 +01:00 · 2014-06-26 05:30:23 +10:00 · 2014-06-26 05:30:23 +10:00 · 5ab288b30c
commit 5ab288b30c
parent 439dff5e09
1 changed files with 53 additions and 0 deletions
--- a/src/lint/linter/ArcanistChmodLinter.php
+++ b/src/lint/linter/ArcanistChmodLinter.php
@ -46,6 +46,59 @@ final class ArcanistChmodLinter extends ArcanistLinter {
  public function lintPath($path) {
    if (is_executable($path)) {
      if ($this->getEngine()->isBinaryFile($path)) {
+        $mime = Filesystem::getMimeType($path);
+
+        switch ($mime) {
+          // Archives
+          case 'application/jar':
+          case 'application/java-archive':
+          case 'application/x-bzip2':
+          case 'application/x-gzip':
+          case 'application/x-rar-compressed':
+          case 'application/x-tar':
+          case 'application/zip':
+
+          // Audio
+          case 'audio/midi':
+          case 'audio/mpeg':
+          case 'audio/mp4':
+          case 'audio/x-wav':
+
+          // Fonts
+          case 'application/vnd.ms-fontobject':
+          case 'application/x-font-ttf':
+          case 'application/x-woff':
+
+          // Images
+          case 'application/x-shockwave-flash':
+          case 'image/gif':
+          case 'image/jpeg':
+          case 'image/png':
+          case 'image/tiff':
+          case 'image/x-icon':
+          case 'image/x-ms-bmp':
+
+          // Miscellaneous
+          case 'application/msword':
+          case 'application/pdf':
+          case 'application/postscript':
+          case 'application/rtf':
+          case 'application/vnd.ms-excel':
+          case 'application/vnd.ms-powerpoint':
+
+          // Video
+          case 'video/mpeg':
+          case 'video/quicktime':
+          case 'video/x-flv':
+          case 'video/x-msvideo':
+          case 'video/x-ms-wmv':
+
+            $this->raiseLintAtPath(
+              self::LINT_INVALID_EXECUTABLE,
+              pht("'%s' files should not be executable.", $mime));
+            return;
+        }
+
        // Path is a binary file, which makes it a valid executable.
        return;
      } else if ($this->getShebang($path)) {