revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 13:22:42 +01:00
Code Issues Releases Wiki Activity

Remove phpast.* Conduit methods

Browse source 
Summary:
Ref T4592. These were added with the intent of not requiring builds on Windows, but then we got builds on Windows working and they seem to be straightforward. See T4592 for most recent discussion.

Remove these methods because they aren't really practical for anything and increase attack surface area by giving adversaries access to `xhpast`, and generally bloat up the Conduit API. To my knowledge, nothing has ever called them.

(If an install somehow relies on these, they can drop them into `src/extensions/` to expose them again.)

Test Plan: Viewed conduit.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4592

Differential Revision: https://secure.phabricator.com/D8500
This commit is contained in:
epriestley 2014-03-12 11:30:22 -07:00
parent 7176240717
commit 69399dfc2a
4 changed files with 0 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/__phutil_library_map__.php
View file

@ -217,9 +217,6 @@ phutil_register_library_map(array(
'ConduitAPI_phid_info_Method' => 'applications/phid/conduit/ConduitAPI_phid_info_Method.php', 'ConduitAPI_phid_info_Method' => 'applications/phid/conduit/ConduitAPI_phid_info_Method.php',
'ConduitAPI_phid_lookup_Method' => 'applications/phid/conduit/ConduitAPI_phid_lookup_Method.php', 'ConduitAPI_phid_lookup_Method' => 'applications/phid/conduit/ConduitAPI_phid_lookup_Method.php',
'ConduitAPI_phid_query_Method' => 'applications/phid/conduit/ConduitAPI_phid_query_Method.php', 'ConduitAPI_phid_query_Method' => 'applications/phid/conduit/ConduitAPI_phid_query_Method.php',
'ConduitAPI_phpast_Method' => 'applications/phpast/conduit/ConduitAPI_phpast_Method.php',
'ConduitAPI_phpast_getast_Method' => 'applications/phpast/conduit/ConduitAPI_phpast_getast_Method.php',
'ConduitAPI_phpast_version_Method' => 'applications/phpast/conduit/ConduitAPI_phpast_version_Method.php',
'ConduitAPI_phragment_Method' => 'applications/phragment/conduit/ConduitAPI_phragment_Method.php', 'ConduitAPI_phragment_Method' => 'applications/phragment/conduit/ConduitAPI_phragment_Method.php',
'ConduitAPI_phragment_getpatch_Method' => 'applications/phragment/conduit/ConduitAPI_phragment_getpatch_Method.php', 'ConduitAPI_phragment_getpatch_Method' => 'applications/phragment/conduit/ConduitAPI_phragment_getpatch_Method.php',
'ConduitAPI_phragment_queryfragments_Method' => 'applications/phragment/conduit/ConduitAPI_phragment_queryfragments_Method.php', 'ConduitAPI_phragment_queryfragments_Method' => 'applications/phragment/conduit/ConduitAPI_phragment_queryfragments_Method.php',
@ -2746,9 +2743,6 @@ phutil_register_library_map(array(
'ConduitAPI_phid_info_Method' => 'ConduitAPI_phid_Method', 'ConduitAPI_phid_info_Method' => 'ConduitAPI_phid_Method',
'ConduitAPI_phid_lookup_Method' => 'ConduitAPI_phid_Method', 'ConduitAPI_phid_lookup_Method' => 'ConduitAPI_phid_Method',
'ConduitAPI_phid_query_Method' => 'ConduitAPI_phid_Method', 'ConduitAPI_phid_query_Method' => 'ConduitAPI_phid_Method',
'ConduitAPI_phpast_Method' => 'ConduitAPIMethod',
'ConduitAPI_phpast_getast_Method' => 'ConduitAPI_phpast_Method',
'ConduitAPI_phpast_version_Method' => 'ConduitAPI_phpast_Method',
'ConduitAPI_phragment_Method' => 'ConduitAPIMethod', 'ConduitAPI_phragment_Method' => 'ConduitAPIMethod',
'ConduitAPI_phragment_getpatch_Method' => 'ConduitAPI_phragment_Method', 'ConduitAPI_phragment_getpatch_Method' => 'ConduitAPI_phragment_Method',
'ConduitAPI_phragment_queryfragments_Method' => 'ConduitAPI_phragment_Method', 'ConduitAPI_phragment_queryfragments_Method' => 'ConduitAPI_phragment_Method',

13
src/applications/phpast/conduit/ConduitAPI_phpast_Method.php
View file

@ -1,13 +0,0 @@
<?php
/**
* @group conduit
*/
abstract class ConduitAPI_phpast_Method extends ConduitAPIMethod {
public function getApplication() {
return PhabricatorApplication::getByClass(
'PhabricatorApplicationPHPAST');
}
}

37
src/applications/phpast/conduit/ConduitAPI_phpast_getast_Method.php
View file

@ -1,37 +0,0 @@
<?php
/**
* @group conduit
*/
final class ConduitAPI_phpast_getast_Method
extends ConduitAPI_phpast_Method {
public function getMethodDescription() {
return "Parse a piece of PHP code.";
}
public function defineParamTypes() {
return array(
'code' => 'required string',
);
}
public function defineReturnType() {
return 'nonempty dict';
}
public function defineErrorTypes() {
return array(
'ERR-XHPAST-LEY' => 'xhpast got Rickrolled',
);
}
protected function execute(ConduitAPIRequest $request) {
$source = $request->getValue('code');
$future = xhpast_get_parser_future($source);
list($stdout) = $future->resolvex();
return json_decode($stdout, true);
}
}

40
src/applications/phpast/conduit/ConduitAPI_phpast_version_Method.php
View file

@ -1,40 +0,0 @@
<?php
/**
* @group conduit
*/
final class ConduitAPI_phpast_version_Method
extends ConduitAPI_phpast_Method {
public function getMethodDescription() {
return "Get server xhpast version.";
}
public function defineParamTypes() {
return array();
}
public function defineReturnType() {
return 'string';
}
public function defineErrorTypes() {
return array(
'ERR-NOT-FOUND' => 'xhpast was not found on the server',
'ERR-COMMAND-FAILED' => 'xhpast died with a nonzero exit code',
);
}
protected function execute(ConduitAPIRequest $request) {
$path = xhpast_get_binary_path();
if (!Filesystem::pathExists($path)) {
throw new ConduitException('ERR-NOT-FOUND');
}
list($err, $stdout) = exec_manual('%s --version', $path);
if ($err) {
throw new ConduitException('ERR-COMMAND-FAILED');
}
return trim($stdout);
}
}