mirror of
https://we.phorge.it/source/arcanist.git
synced 2024-11-09 16:32:39 +01:00
No description
83661809e5
Summary: See PHI904. Ref T13210. Ref T13209. Currently, we have an `hg cat` construction which attempts to pass a literal `%p` to Mercurial. This fails because you can't pass `%` through `%s` outside of `wilds`. It also uses `%C` to pass a list of file paths. This is broadly unsafe and can cause command execution if you modify a file named, e.g., `; rm -rf xyz` or similar. I think it would be difficult to turn this into an attack but it's fairly bad. This dates from D5144 in 2013. Test Plan: With this patch, created D19757 which has valid binary data (see F5962134). Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13210, T13209 Differential Revision: https://secure.phabricator.com/D19758 |
||
|---|---|---|
| bin | ||
| externals | ||
| resources | ||
| scripts | ||
| src | ||
| .arcconfig | ||
| .arclint | ||
| .arcunit | ||
| .editorconfig | ||
| .gitignore | ||
| LICENSE | ||
| NOTICE | ||
| README.md | ||
Arcanist is the command-line tool for Phabricator. It allows you to interact with Phabricator installs to send code for review, download patches, transfer files, view status, make API calls, and various other things. You can read more in the User Guide
For more information about Phabricator, see http://phabricator.org/.
LICENSE
Arcanist is released under the Apache 2.0 license except as otherwise noted.