1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-12-22 21:40:54 +01:00
No description
Find a file
epriestley 83661809e5 Work around a Windows escaping issue and security conecern in "hg cat --output ..."
Summary:
See PHI904. Ref T13210. Ref T13209. Currently, we have an `hg cat` construction which attempts to pass a literal `%p` to Mercurial. This fails because you can't pass `%` through `%s` outside of `wilds`.

It also uses `%C` to pass a list of file paths. This is broadly unsafe and can cause command execution if you modify a file named, e.g., `; rm -rf xyz` or similar. I think it would be difficult to turn this into an attack but it's fairly bad. This dates from D5144 in 2013.

Test Plan: With this patch, created D19757 which has valid binary data (see F5962134).

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13210, T13209

Differential Revision: https://secure.phabricator.com/D19758
2018-10-26 07:28:50 -07:00
bin Added ArcanistTextLinter::LINT_BOF_WHITESPACE and ArcanistTextLinter::LINT_EOF_WHITESPACE 2014-01-13 18:05:42 -08:00
externals Don't bundle PEP8 2015-05-20 07:03:22 +10:00
resources Add some more spelling corrections to Spelling linter 2014-12-22 16:08:02 -08:00
scripts Reduce the strength of "arc executing on arc" from an error to a warning 2017-07-21 12:09:59 -07:00
src Work around a Windows escaping issue and security conecern in "hg cat --output ..." 2018-10-26 07:28:50 -07:00
.arcconfig Set "history.immutable" to "false" explicitly in .arcconfig in Arcanist 2016-08-03 08:13:09 -07:00
.arclint Fold ArcanistPhutilXHPASTLinter into ArcanistXHPASTLinter 2015-11-13 07:08:40 +11:00
.arcunit Rough version of configuration driven unit test engine 2015-08-11 06:54:16 +10:00
.editorconfig Test XHPAST linter rules in isolation 2015-11-19 08:57:23 +11:00
.gitignore Update .gitignore. 2014-06-14 11:44:38 -07:00
LICENSE Fix text lint issues 2015-04-07 18:09:27 +10:00
NOTICE Remove duplicate newline 2014-07-17 08:25:22 +10:00
README.md Move README to Markdown 2015-04-13 13:01:16 -07:00

Arcanist is the command-line tool for Phabricator. It allows you to interact with Phabricator installs to send code for review, download patches, transfer files, view status, make API calls, and various other things. You can read more in the User Guide

For more information about Phabricator, see http://phabricator.org/.

LICENSE

Arcanist is released under the Apache 2.0 license except as otherwise noted.