1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-03 19:31:02 +01:00

Use %P for all sensitive command construction in Phabricator

Summary: Depends on D6366. Applies %P everywhere.

Test Plan: Ran various daemon commands via scripts, e.g. `bin/repository pull`, `bin/storage dump`.

Reviewers: btrahan, mbishopim3

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6367
This commit is contained in:
epriestley 2013-07-03 15:13:45 -07:00
parent 6ab01aa1c2
commit a0c5a6cdb6
2 changed files with 18 additions and 19 deletions

View file

@ -170,17 +170,17 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
array_unshift(
$args,
csprintf(
'ssh -l %s -i %s',
$this->getSSHLogin(),
$this->getSSHKeyfile()));
'ssh -l %P -i %P',
new PhutilOpaqueEnvelope($this->getSSHLogin()),
new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
break;
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
$command = call_user_func_array(
'csprintf',
array_merge(
array(
"(ssh-add %s && HOME=%s git {$pattern})",
$this->getSSHKeyfile(),
"(ssh-add %P && HOME=%s git {$pattern})",
new PhutilOpaqueEnvelope($this->getSSHKeyfile()),
$empty,
),
$args));
@ -192,9 +192,9 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
array_unshift(
$args,
csprintf(
'ssh -l %s -i %s',
$this->getSSHLogin(),
$this->getSSHKeyfile()));
'ssh -l %P -i %P',
new PhutilOpaqueEnvelope($this->getSSHLogin()),
new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
break;
default:
throw new Exception("Unrecognized version control system.");
@ -207,13 +207,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
"--non-interactive ".
"--no-auth-cache ".
"--trust-server-cert ".
"--username %s ".
"--password %s ".
"--username %P ".
"--password %P ".
$pattern;
array_unshift(
$args,
$this->getDetail('http-login'),
$this->getDetail('http-pass'));
new PhutilOpaqueEnvelope($this->getDetail('http-login')),
new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
break;
default:
throw new Exception(
@ -226,13 +226,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
"svn ".
"--non-interactive ".
"--no-auth-cache ".
"--username %s ".
"--password %s ".
"--username %P ".
"--password %P ".
$pattern;
array_unshift(
$args,
$this->getDetail('http-login'),
$this->getDetail('http-pass'));
new PhutilOpaqueEnvelope($this->getDetail('http-login')),
new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
break;
default:
throw new Exception(

View file

@ -33,9 +33,8 @@ final class PhabricatorStorageManagementDumpWorkflow
$password = $api->getPassword();
if ($password) {
$password = $password->openEnvelope();
if (strlen($password)) {
$flag_password = csprintf('-p%s', $password);
if (strlen($password->openEnvelope())) {
$flag_password = csprintf('-p%P', $password);
}
}