phorge-phorge/src/applications/files/management/PhabricatorFilesManagementCatWorkflow.php

<?php

final class PhabricatorFilesManagementCatWorkflow
  extends PhabricatorFilesManagementWorkflow {

  protected function didConstruct() {
    $this
      ->setName('cat')
      ->setSynopsis(pht('Print the contents of a file.'))
      ->setArguments(
        array(
          array(
            'name' => 'begin',
            'param' => 'bytes',
            'help' => pht('Begin printing at a specific offset.'),
          ),
          array(
            'name' => 'end',
            'param' => 'bytes',
            'help' => pht('End printing at a specific offset.'),
          ),
          array(
            'name' => 'salvage',
            'help' => pht(
              'DANGEROUS. Attempt to salvage file content even if the '.
              'integrity check fails. If an adversary has tampered with '.
              'the file, the content may be unsafe.'),
          ),
          array(
            'name'      => 'names',
            'wildcard'  => true,
          ),
        ));
  }

  public function execute(PhutilArgumentParser $args) {
    $console = PhutilConsole::getConsole();

    $names = $args->getArg('names');
    if (count($names) > 1) {
      throw new PhutilArgumentUsageException(
        pht('Specify exactly one file to print, like "%s".', 'F123'));
    } else if (!$names) {
      throw new PhutilArgumentUsageException(
        pht('Specify a file to print, like "%s".', 'F123'));
    }

    $file = head($this->loadFilesWithNames($names));

    $begin = $args->getArg('begin');
    $end = $args->getArg('end');

    $file->makeEphemeral();

    // If we're running in "salvage" mode, wipe out any integrity hash which
    // may be present. This makes us read file data without performing an
    // integrity check.
    $salvage = $args->getArg('salvage');
    if ($salvage) {
      $file->setIntegrityHash(null);
    }

    try {
      $iterator = $file->getFileDataIterator($begin, $end);
      foreach ($iterator as $data) {
        echo $data;
      }
    } catch (PhabricatorFileIntegrityException $ex) {
      throw new PhutilArgumentUsageException(
        pht(
          'File data integrity check failed. Use "--salvage" to bypass '.
          'integrity checks. This flag is dangerous, use it at your own '.
          'risk. Underlying error: %s',
          $ex->getMessage()));
    }

    return 0;
  }

}
Add `bin/files cat` to print a file to stdout Summary: Ref T7149. This makes debugging some of this stuff a bit easier by removing the HTTP part in the middle. Particularly, I anticipate having this stream data chunk-by-chunk in the near future. Test Plan: Ran `files cat F23`, got output. Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12062 2015-03-13 11:30:13 -07:00			`<?php`

			`final class PhabricatorFilesManagementCatWorkflow`
			`extends PhabricatorFilesManagementWorkflow {`

			`protected function didConstruct() {`
			`$this`
			`->setName('cat')`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 17:27:56 +10:00			`->setSynopsis(pht('Print the contents of a file.'))`
Add `bin/files cat` to print a file to stdout Summary: Ref T7149. This makes debugging some of this stuff a bit easier by removing the HTTP part in the middle. Particularly, I anticipate having this stream data chunk-by-chunk in the near future. Test Plan: Ran `files cat F23`, got output. Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12062 2015-03-13 11:30:13 -07:00			`->setArguments(`
			`array(`
Support a file data iteration interface for large files Summary: Ref T7149. A couple diffs down the line, this will let us emit chunked files without doing all the work up front or holding the entire file in RAM. Test Plan: (Some newlines added for clarity.) ``` $ ./bin/files cat F942 ABCDEFGHIJKLMNOPQRSTUVWXYZ $ ./bin/files cat F942 --begin 1 BCDEFGHIJKLMNOPQRSTUVWXYZ $ ./bin/files cat F942 --end 10 ABCDEFGHIJ $ ./bin/files cat F942 --begin 3 --end 5 DE $ ``` Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12071 2015-03-14 08:28:59 -07:00			`array(`
			`'name' => 'begin',`
			`'param' => 'bytes',`
			`'help' => pht('Begin printing at a specific offset.'),`
			`),`
			`array(`
			`'name' => 'end',`
			`'param' => 'bytes',`
			`'help' => pht('End printing at a specific offset.'),`
			`),`
Store and verify content integrity checksums for files Summary: Ref T12470. This helps defuse attacks where an adversary can directly take control of whatever storage engine files are being stored in and change data there. These attacks would require a significant level of access. Such attackers could potentially attack ranges of AES-256-CBC encrypted files by using Phabricator as a decryption oracle if they were also able to compromise a Phabricator account with read access to the files. By storing a hash of the data (and, in the case of AES-256-CBC files, the IV) when we write files, and verifying it before we decrypt or read them, we can detect and prevent this kind of tampering. This also helps detect mundane corruption and integrity issues. Test Plan: - Added unit tests. - Uploaded new files, saw them get integrity hashes. - Manually corrupted file data, saw it fail. Used `bin/files cat --salvage` to read it anyway. - Tampered with IVs, saw integrity failures. Reviewers: chad Reviewed By: chad Maniphest Tasks: T12470 Differential Revision: https://secure.phabricator.com/D17625 2017-04-05 09:04:44 -07:00			`array(`
			`'name' => 'salvage',`
			`'help' => pht(`
			`'DANGEROUS. Attempt to salvage file content even if the '.`
			`'integrity check fails. If an adversary has tampered with '.`
Fix spelling Summary: Noticed a couple of typos in the docs, and then things got out of hand. Test Plan: - Stared at the words until my eyes watered and the letters began to swim on the screen. - Consulted a dictionary. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, yelirekim, PHID-OPKG-gm6ozazyms6q6i22gyam Differential Revision: https://secure.phabricator.com/D18693 2017-10-09 10:48:01 -07:00			`'the file, the content may be unsafe.'),`
Store and verify content integrity checksums for files Summary: Ref T12470. This helps defuse attacks where an adversary can directly take control of whatever storage engine files are being stored in and change data there. These attacks would require a significant level of access. Such attackers could potentially attack ranges of AES-256-CBC encrypted files by using Phabricator as a decryption oracle if they were also able to compromise a Phabricator account with read access to the files. By storing a hash of the data (and, in the case of AES-256-CBC files, the IV) when we write files, and verifying it before we decrypt or read them, we can detect and prevent this kind of tampering. This also helps detect mundane corruption and integrity issues. Test Plan: - Added unit tests. - Uploaded new files, saw them get integrity hashes. - Manually corrupted file data, saw it fail. Used `bin/files cat --salvage` to read it anyway. - Tampered with IVs, saw integrity failures. Reviewers: chad Reviewed By: chad Maniphest Tasks: T12470 Differential Revision: https://secure.phabricator.com/D17625 2017-04-05 09:04:44 -07:00			`),`
Add `bin/files cat` to print a file to stdout Summary: Ref T7149. This makes debugging some of this stuff a bit easier by removing the HTTP part in the middle. Particularly, I anticipate having this stream data chunk-by-chunk in the near future. Test Plan: Ran `files cat F23`, got output. Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12062 2015-03-13 11:30:13 -07:00			`array(`
			`'name' => 'names',`
			`'wildcard' => true,`
			`),`
			`));`
			`}`

			`public function execute(PhutilArgumentParser $args) {`
			`$console = PhutilConsole::getConsole();`

			`$names = $args->getArg('names');`
			`if (count($names) > 1) {`
			`throw new PhutilArgumentUsageException(`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 17:27:56 +10:00			`pht('Specify exactly one file to print, like "%s".', 'F123'));`
Add `bin/files cat` to print a file to stdout Summary: Ref T7149. This makes debugging some of this stuff a bit easier by removing the HTTP part in the middle. Particularly, I anticipate having this stream data chunk-by-chunk in the near future. Test Plan: Ran `files cat F23`, got output. Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12062 2015-03-13 11:30:13 -07:00			`} else if (!$names) {`
			`throw new PhutilArgumentUsageException(`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 17:27:56 +10:00			`pht('Specify a file to print, like "%s".', 'F123'));`
Add `bin/files cat` to print a file to stdout Summary: Ref T7149. This makes debugging some of this stuff a bit easier by removing the HTTP part in the middle. Particularly, I anticipate having this stream data chunk-by-chunk in the near future. Test Plan: Ran `files cat F23`, got output. Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12062 2015-03-13 11:30:13 -07:00			`}`

			`$file = head($this->loadFilesWithNames($names));`

Support a file data iteration interface for large files Summary: Ref T7149. A couple diffs down the line, this will let us emit chunked files without doing all the work up front or holding the entire file in RAM. Test Plan: (Some newlines added for clarity.) ``` $ ./bin/files cat F942 ABCDEFGHIJKLMNOPQRSTUVWXYZ $ ./bin/files cat F942 --begin 1 BCDEFGHIJKLMNOPQRSTUVWXYZ $ ./bin/files cat F942 --end 10 ABCDEFGHIJ $ ./bin/files cat F942 --begin 3 --end 5 DE $ ``` Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12071 2015-03-14 08:28:59 -07:00			`$begin = $args->getArg('begin');`
			`$end = $args->getArg('end');`

Store and verify content integrity checksums for files Summary: Ref T12470. This helps defuse attacks where an adversary can directly take control of whatever storage engine files are being stored in and change data there. These attacks would require a significant level of access. Such attackers could potentially attack ranges of AES-256-CBC encrypted files by using Phabricator as a decryption oracle if they were also able to compromise a Phabricator account with read access to the files. By storing a hash of the data (and, in the case of AES-256-CBC files, the IV) when we write files, and verifying it before we decrypt or read them, we can detect and prevent this kind of tampering. This also helps detect mundane corruption and integrity issues. Test Plan: - Added unit tests. - Uploaded new files, saw them get integrity hashes. - Manually corrupted file data, saw it fail. Used `bin/files cat --salvage` to read it anyway. - Tampered with IVs, saw integrity failures. Reviewers: chad Reviewed By: chad Maniphest Tasks: T12470 Differential Revision: https://secure.phabricator.com/D17625 2017-04-05 09:04:44 -07:00			`$file->makeEphemeral();`

			`// If we're running in "salvage" mode, wipe out any integrity hash which`
			`// may be present. This makes us read file data without performing an`
			`// integrity check.`
			`$salvage = $args->getArg('salvage');`
			`if ($salvage) {`
			`$file->setIntegrityHash(null);`
			`}`

			`try {`
			`$iterator = $file->getFileDataIterator($begin, $end);`
			`foreach ($iterator as $data) {`
			`echo $data;`
			`}`
			`} catch (PhabricatorFileIntegrityException $ex) {`
			`throw new PhutilArgumentUsageException(`
			`pht(`
			`'File data integrity check failed. Use "--salvage" to bypass '.`
			`'integrity checks. This flag is dangerous, use it at your own '.`
			`'risk. Underlying error: %s',`
			`$ex->getMessage()));`
Support a file data iteration interface for large files Summary: Ref T7149. A couple diffs down the line, this will let us emit chunked files without doing all the work up front or holding the entire file in RAM. Test Plan: (Some newlines added for clarity.) ``` $ ./bin/files cat F942 ABCDEFGHIJKLMNOPQRSTUVWXYZ $ ./bin/files cat F942 --begin 1 BCDEFGHIJKLMNOPQRSTUVWXYZ $ ./bin/files cat F942 --end 10 ABCDEFGHIJ $ ./bin/files cat F942 --begin 3 --end 5 DE $ ``` Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12071 2015-03-14 08:28:59 -07:00			`}`
Add `bin/files cat` to print a file to stdout Summary: Ref T7149. This makes debugging some of this stuff a bit easier by removing the HTTP part in the middle. Particularly, I anticipate having this stream data chunk-by-chunk in the near future. Test Plan: Ran `files cat F23`, got output. Reviewers: btrahan Reviewed By: btrahan Subscribers: joshuaspence, epriestley Maniphest Tasks: T7149 Differential Revision: https://secure.phabricator.com/D12062 2015-03-13 11:30:13 -07:00
			`return 0;`
			`}`

			`}`