Use %P for all sensitive command construction in Phabricator
Summary: Depends on D6366. Applies %P everywhere. Test Plan: Ran various daemon commands via scripts, e.g. `bin/repository pull`, `bin/storage dump`. Reviewers: btrahan, mbishopim3 Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D6367
parent
6ab01aa1c2
commit
a0c5a6cdb6
2 changed files with 18 additions and 19 deletions
|
@ -170,17 +170,17 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
array_unshift(
|
array_unshift(
|
||||||
$args,
|
$args,
|
||||||
csprintf(
|
csprintf(
|
||||||
'ssh -l %s -i %s',
|
'ssh -l %P -i %P',
|
||||||
$this->getSSHLogin(),
|
new PhutilOpaqueEnvelope($this->getSSHLogin()),
|
||||||
$this->getSSHKeyfile()));
|
new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
|
||||||
break;
|
break;
|
||||||
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
|
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
|
||||||
$command = call_user_func_array(
|
$command = call_user_func_array(
|
||||||
'csprintf',
|
'csprintf',
|
||||||
array_merge(
|
array_merge(
|
||||||
array(
|
array(
|
||||||
"(ssh-add %s && HOME=%s git {$pattern})",
|
"(ssh-add %P && HOME=%s git {$pattern})",
|
||||||
$this->getSSHKeyfile(),
|
new PhutilOpaqueEnvelope($this->getSSHKeyfile()),
|
||||||
$empty,
|
$empty,
|
||||||
),
|
),
|
||||||
$args));
|
$args));
|
||||||
|
@ -192,9 +192,9 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
array_unshift(
|
array_unshift(
|
||||||
$args,
|
$args,
|
||||||
csprintf(
|
csprintf(
|
||||||
'ssh -l %s -i %s',
|
'ssh -l %P -i %P',
|
||||||
$this->getSSHLogin(),
|
new PhutilOpaqueEnvelope($this->getSSHLogin()),
|
||||||
$this->getSSHKeyfile()));
|
new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
throw new Exception("Unrecognized version control system.");
|
throw new Exception("Unrecognized version control system.");
|
||||||
|
@ -207,13 +207,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
"--non-interactive ".
|
"--non-interactive ".
|
||||||
"--no-auth-cache ".
|
"--no-auth-cache ".
|
||||||
"--trust-server-cert ".
|
"--trust-server-cert ".
|
||||||
"--username %s ".
|
"--username %P ".
|
||||||
"--password %s ".
|
"--password %P ".
|
||||||
$pattern;
|
$pattern;
|
||||||
array_unshift(
|
array_unshift(
|
||||||
$args,
|
$args,
|
||||||
$this->getDetail('http-login'),
|
new PhutilOpaqueEnvelope($this->getDetail('http-login')),
|
||||||
$this->getDetail('http-pass'));
|
new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
|
@ -226,13 +226,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
"svn ".
|
"svn ".
|
||||||
"--non-interactive ".
|
"--non-interactive ".
|
||||||
"--no-auth-cache ".
|
"--no-auth-cache ".
|
||||||
"--username %s ".
|
"--username %P ".
|
||||||
"--password %s ".
|
"--password %P ".
|
||||||
$pattern;
|
$pattern;
|
||||||
array_unshift(
|
array_unshift(
|
||||||
$args,
|
$args,
|
||||||
$this->getDetail('http-login'),
|
new PhutilOpaqueEnvelope($this->getDetail('http-login')),
|
||||||
$this->getDetail('http-pass'));
|
new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
|
|
|
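Review bot: `%P` in the two svn patterns (`--username %P` / `--password %P`, in the `@ -207` and `@ -226` hunks) masks the credential where the command string is displayed, but the value is still handed to svn as a command-line argument, so it can be read from the host's process list while the command runs. The same applies to `-p%P` in the storage dump workflow. A comment at each site would stop readers from treating the envelope as complete protection, for example `// %P masks the password in logs and error output only; it is still present in the child's argv.` The values are also wrapped only at the call site (`new PhutilOpaqueEnvelope($this->getDetail('http-pass'))`), so they are plain strings until then; returning envelopes from the accessors would narrow that window. The enclosing method starts and ends outside these hunks.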
@ -33,9 +33,8 @@ final class PhabricatorStorageManagementDumpWorkflow
|
||||||
|
|
||||||
$password = $api->getPassword();
|
$password = $api->getPassword();
|
||||||
if ($password) {
|
if ($password) {
|
||||||
$password = $password->openEnvelope();
|
if (strlen($password->openEnvelope())) {
|
||||||
if (strlen($password)) {
|
$flag_password = csprintf('-p%P', $password);
|
||||||
$flag_password = csprintf('-p%s', $password);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
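Review bot: The two nested conditions in the new code can be a single test, `if ($password && strlen($password->openEnvelope())) {`, because the opened value is now used only for the length check. A short comment on the `csprintf('-p%P', $password)` line, such as `// Pass the envelope unopened so csprintf can mask it.`, would explain why `openEnvelope()` is no longer assigned back to `$password`. The code that consumes `$flag_password` is outside this section.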