phorge-phorge/src/applications/diffusion/controller/DiffusionRepositoryEditEnormousController.php

<?php

final class DiffusionRepositoryEditEnormousController
  extends DiffusionRepositoryManageController {

  public function handleRequest(AphrontRequest $request) {
    $response = $this->loadDiffusionContextForEdit();
    if ($response) {
      return $response;
    }

    $viewer = $this->getViewer();
    $drequest = $this->getDiffusionRequest();
    $repository = $drequest->getRepository();

    $panel_uri = id(new DiffusionRepositoryBasicsManagementPanel())
      ->setRepository($repository)
      ->getPanelURI();

    if (!$repository->canAllowEnormousChanges()) {
      return $this->newDialog()
        ->setTitle(pht('Unprotectable Repository'))
        ->appendParagraph(
          pht(
            'This repository can not be protected from enormous changes '.
            'because Phabricator does not control what users are allowed '.
            'to push to it.'))
        ->addCancelButton($panel_uri);
    }

    if ($request->isFormPost()) {
      $xaction = id(new PhabricatorRepositoryTransaction())
        ->setTransactionType(
          PhabricatorRepositoryEnormousTransaction::TRANSACTIONTYPE)
        ->setNewValue(!$repository->shouldAllowEnormousChanges());

      $editor = id(new PhabricatorRepositoryEditor())
        ->setContinueOnNoEffect(true)
        ->setContentSourceFromRequest($request)
        ->setActor($viewer)
        ->applyTransactions($repository, array($xaction));

      return id(new AphrontReloadResponse())->setURI($panel_uri);
    }

    if ($repository->shouldAllowEnormousChanges()) {
      $title = pht('Prevent Enormous Changes');

      $body = pht(
        'It will no longer be possible to push enormous changes to this '.
        'repository.');

      $submit = pht('Prevent Enormous Changes');
    } else {
      $title = pht('Allow Enormous Changes');

      $body = array(
        pht(
          'If you allow enormous changes, users can push commits which are '.
          'too large for Herald to process content rules for. This can allow '.
          'users to evade content rules implemented in Herald.'),
        pht(
          'You can selectively configure Herald by adding rules to prevent a '.
          'subset of enormous changes (for example, based on who is trying '.
          'to push the change).'),
      );

      $submit = pht('Allow Enormous Changes');
    }

    $more_help = pht(
      'Enormous changes are commits which are too large to process with '.
      'content rules because: the diff text for the change is larger than '.
      '%s bytes; or the diff text takes more than %s seconds to extract.',
      new PhutilNumber(HeraldCommitAdapter::getEnormousByteLimit()),
      new PhutilNumber(HeraldCommitAdapter::getEnormousTimeLimit()));

    $response = $this->newDialog();

      foreach ((array)$body as $paragraph) {
        $response->appendParagraph($paragraph);
      }

    return $response
      ->setTitle($title)
      ->appendParagraph($more_help)
      ->addSubmitButton($submit)
      ->addCancelButton($panel_uri);
  }

}
Prevent enormous changes from being pushed to repositoires by default Summary: Fixes T13031. "Enormous" changes are basically changes which are too large to hold in memory, although the actual definition we use today is "more than 1GB of change text or `git diff` runs for more than 15 minutes". If an install configures a Herald content rule like "when content matches /XYZ/, do something" and then a user pushes a 30 GB source file, we can't put it into memory to `preg_match()` it. Currently, the way to handle this case is to write a separate Herald rule that rejects enormous changes. However, this isn't obvious and means the default behavior is unsafe. Make the default behavior safe by rejecting these changes with a message, similar to how we reject "dangerous" changes (which permanently delete or overwrite history) by default. Also, change a couple of UI strings from "Enormous" to "Very Large" to reduce ambiguity. See <https://discourse.phabricator-community.org/t/herald-enormous-check/822>. Test Plan: Changed the definition of "enormous" from 1GB to 1 byte. Pushed a change; got rejected. Allowed enormous changes, pushed, got rejected by a Herald rule. Disabled the Herald rule, pushed, got a clean push. Prevented enormous changes again. Grepped for "enormous" elsewhere in the UI. Reviewers: amckinley Reviewed By: amckinley Subscribers: joshuaspence Maniphest Tasks: T13031 Differential Revision: https://secure.phabricator.com/D18850 2017-12-26 10:38:45 -08:00			`<?php`

			`final class DiffusionRepositoryEditEnormousController`
			`extends DiffusionRepositoryManageController {`

			`public function handleRequest(AphrontRequest $request) {`
			`$response = $this->loadDiffusionContextForEdit();`
			`if ($response) {`
			`return $response;`
			`}`

			`$viewer = $this->getViewer();`
			`$drequest = $this->getDiffusionRequest();`
			`$repository = $drequest->getRepository();`

			`$panel_uri = id(new DiffusionRepositoryBasicsManagementPanel())`
			`->setRepository($repository)`
			`->getPanelURI();`

			`if (!$repository->canAllowEnormousChanges()) {`
			`return $this->newDialog()`
			`->setTitle(pht('Unprotectable Repository'))`
			`->appendParagraph(`
			`pht(`
			`'This repository can not be protected from enormous changes '.`
			`'because Phabricator does not control what users are allowed '.`
			`'to push to it.'))`
			`->addCancelButton($panel_uri);`
			`}`

			`if ($request->isFormPost()) {`
			`$xaction = id(new PhabricatorRepositoryTransaction())`
Modularize Repository transactions Summary: Depends on D19828. Ref T13216. Before adding new transactions to repositories (filesize limit, copy time limit, etc) modularize the existing transactions. Test Plan: - Created repository. - Edited callsign (invalid, valid, duplicate, add, remove). - Edited short name (invaild, valid, duplicate, add, remove). - Edited description (add, remove). - Edited encoding (invalid, valid, remove). - Allowed/denied dangerous changes. - Allowed/denied enormous chagnes. - Activated, deactivated, reactivated. - Changed tags. - Changed push policy. - Changed default branch (add, remove). - Changed track only: add, remove, invalid function, invalid regex. - Changed autoclose only: add, remove, invalid function, invalid regex. - Changed publish/notify. - Changed autoclose. - Changed staging area (add, remove, invalid). - Changed blueprints (add, remove). - Changed symbols (add, remove). - Grepped for `PhabricatorRepositoryTransaction::TYPE_`. - Reviewed transaction history: {F6021036} Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13216 Differential Revision: https://secure.phabricator.com/D19829 2018-11-21 12:21:57 -08:00			`->setTransactionType(`
			`PhabricatorRepositoryEnormousTransaction::TRANSACTIONTYPE)`
Prevent enormous changes from being pushed to repositoires by default Summary: Fixes T13031. "Enormous" changes are basically changes which are too large to hold in memory, although the actual definition we use today is "more than 1GB of change text or `git diff` runs for more than 15 minutes". If an install configures a Herald content rule like "when content matches /XYZ/, do something" and then a user pushes a 30 GB source file, we can't put it into memory to `preg_match()` it. Currently, the way to handle this case is to write a separate Herald rule that rejects enormous changes. However, this isn't obvious and means the default behavior is unsafe. Make the default behavior safe by rejecting these changes with a message, similar to how we reject "dangerous" changes (which permanently delete or overwrite history) by default. Also, change a couple of UI strings from "Enormous" to "Very Large" to reduce ambiguity. See <https://discourse.phabricator-community.org/t/herald-enormous-check/822>. Test Plan: Changed the definition of "enormous" from 1GB to 1 byte. Pushed a change; got rejected. Allowed enormous changes, pushed, got rejected by a Herald rule. Disabled the Herald rule, pushed, got a clean push. Prevented enormous changes again. Grepped for "enormous" elsewhere in the UI. Reviewers: amckinley Reviewed By: amckinley Subscribers: joshuaspence Maniphest Tasks: T13031 Differential Revision: https://secure.phabricator.com/D18850 2017-12-26 10:38:45 -08:00			`->setNewValue(!$repository->shouldAllowEnormousChanges());`

			`$editor = id(new PhabricatorRepositoryEditor())`
			`->setContinueOnNoEffect(true)`
			`->setContentSourceFromRequest($request)`
			`->setActor($viewer)`
			`->applyTransactions($repository, array($xaction));`

			`return id(new AphrontReloadResponse())->setURI($panel_uri);`
			`}`

			`if ($repository->shouldAllowEnormousChanges()) {`
			`$title = pht('Prevent Enormous Changes');`

			`$body = pht(`
			`'It will no longer be possible to push enormous changes to this '.`
			`'repository.');`

			`$submit = pht('Prevent Enormous Changes');`
			`} else {`
			`$title = pht('Allow Enormous Changes');`

			`$body = array(`
			`pht(`
			`'If you allow enormous changes, users can push commits which are '.`
			`'too large for Herald to process content rules for. This can allow '.`
			`'users to evade content rules implemented in Herald.'),`
			`pht(`
			`'You can selectively configure Herald by adding rules to prevent a '.`
			`'subset of enormous changes (for example, based on who is trying '.`
			`'to push the change).'),`
			`);`

			`$submit = pht('Allow Enormous Changes');`
			`}`

			`$more_help = pht(`
			`'Enormous changes are commits which are too large to process with '.`
			`'content rules because: the diff text for the change is larger than '.`
			`'%s bytes; or the diff text takes more than %s seconds to extract.',`
			`new PhutilNumber(HeraldCommitAdapter::getEnormousByteLimit()),`
			`new PhutilNumber(HeraldCommitAdapter::getEnormousTimeLimit()));`

			`$response = $this->newDialog();`

			`foreach ((array)$body as $paragraph) {`
			`$response->appendParagraph($paragraph);`
			`}`

			`return $response`
			`->setTitle($title)`
			`->appendParagraph($more_help)`
			`->addSubmitButton($submit)`
			`->addCancelButton($panel_uri);`
			`}`

			`}`