revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 08:52:39 +01:00
Code Issues Releases Wiki Activity

Use %P for all sensitive command construction in Phabricator

Browse source 
Summary: Depends on D6366. Applies %P everywhere.

Test Plan: Ran various daemon commands via scripts, e.g. `bin/repository pull`, `bin/storage dump`.

Reviewers: btrahan, mbishopim3

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6367
This commit is contained in:
epriestley 2013-07-03 15:13:45 -07:00
parent 6ab01aa1c2
commit a0c5a6cdb6
2 changed files with 18 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
src/applications/repository/storage/PhabricatorRepository.php
View file

@ -170,17 +170,17 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
array_unshift( array_unshift(
$args, $args,
csprintf( csprintf(
'ssh -l %s -i %s', 'ssh -l %P -i %P',
$this->getSSHLogin(), new PhutilOpaqueEnvelope($this->getSSHLogin()),
$this->getSSHKeyfile())); new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
break; break;
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT: case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
$command = call_user_func_array( $command = call_user_func_array(
'csprintf', 'csprintf',
array_merge( array_merge(
array( array(
"(ssh-add %s && HOME=%s git {$pattern})", "(ssh-add %P && HOME=%s git {$pattern})",
$this->getSSHKeyfile(), new PhutilOpaqueEnvelope($this->getSSHKeyfile()),
$empty, $empty,
), ),
$args)); $args));
@ -192,9 +192,9 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
array_unshift( array_unshift(
$args, $args,
csprintf( csprintf(
'ssh -l %s -i %s', 'ssh -l %P -i %P',
$this->getSSHLogin(), new PhutilOpaqueEnvelope($this->getSSHLogin()),
$this->getSSHKeyfile())); new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
break; break;
default: default:
throw new Exception("Unrecognized version control system."); throw new Exception("Unrecognized version control system.");
@ -207,13 +207,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
"--non-interactive ". "--non-interactive ".
"--no-auth-cache ". "--no-auth-cache ".
"--trust-server-cert ". "--trust-server-cert ".
"--username %s ". "--username %P ".
"--password %s ". "--password %P ".
$pattern; $pattern;
array_unshift( array_unshift(
$args, $args,
$this->getDetail('http-login'), new PhutilOpaqueEnvelope($this->getDetail('http-login')),
$this->getDetail('http-pass')); new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
break; break;
default: default:
throw new Exception( throw new Exception(
@ -226,13 +226,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
"svn ". "svn ".
"--non-interactive ". "--non-interactive ".
"--no-auth-cache ". "--no-auth-cache ".
"--username %s ". "--username %P ".
"--password %s ". "--password %P ".
$pattern; $pattern;
array_unshift( array_unshift(
$args, $args,
$this->getDetail('http-login'), new PhutilOpaqueEnvelope($this->getDetail('http-login')),
$this->getDetail('http-pass')); new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
break; break;
default: default:
throw new Exception( throw new Exception(

5
src/infrastructure/storage/management/workflow/PhabricatorStorageManagementDumpWorkflow.php
View file

@ -33,9 +33,8 @@ final class PhabricatorStorageManagementDumpWorkflow
$password = $api->getPassword(); $password = $api->getPassword();
if ($password) { if ($password) {
$password = $password->openEnvelope(); if (strlen($password->openEnvelope())) {
if (strlen($password)) { $flag_password = csprintf('-p%P', $password);
$flag_password = csprintf('-p%s', $password);
} }
} }