mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-03 19:31:02 +01:00
Use %P for all sensitive command construction in Phabricator
Summary: Depends on D6366. Applies %P everywhere. Test Plan: Ran various daemon commands via scripts, e.g. `bin/repository pull`, `bin/storage dump`. Reviewers: btrahan, mbishopim3 Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D6367
parent
6ab01aa1c2
commit
a0c5a6cdb6
2 changed files with 18 additions and 19 deletions
|
@ -170,17 +170,17 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
|||
array_unshift(
|
||||
$args,
|
||||
csprintf(
|
||||
'ssh -l %s -i %s',
|
||||
$this->getSSHLogin(),
|
||||
$this->getSSHKeyfile()));
|
||||
'ssh -l %P -i %P',
|
||||
new PhutilOpaqueEnvelope($this->getSSHLogin()),
|
||||
new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
|
||||
break;
|
||||
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
|
||||
$command = call_user_func_array(
|
||||
'csprintf',
|
||||
array_merge(
|
||||
array(
|
||||
"(ssh-add %s && HOME=%s git {$pattern})",
|
||||
$this->getSSHKeyfile(),
|
||||
"(ssh-add %P && HOME=%s git {$pattern})",
|
||||
new PhutilOpaqueEnvelope($this->getSSHKeyfile()),
|
||||
$empty,
|
||||
),
|
||||
$args));
|
||||
|
@ -192,9 +192,9 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
|||
array_unshift(
|
||||
$args,
|
||||
csprintf(
|
||||
'ssh -l %s -i %s',
|
||||
$this->getSSHLogin(),
|
||||
$this->getSSHKeyfile()));
|
||||
'ssh -l %P -i %P',
|
||||
new PhutilOpaqueEnvelope($this->getSSHLogin()),
|
||||
new PhutilOpaqueEnvelope($this->getSSHKeyfile())));
|
||||
break;
|
||||
default:
|
||||
throw new Exception("Unrecognized version control system.");
|
||||
|
@ -207,13 +207,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
|||
"--non-interactive ".
|
||||
"--no-auth-cache ".
|
||||
"--trust-server-cert ".
|
||||
"--username %s ".
|
||||
"--password %s ".
|
||||
"--username %P ".
|
||||
"--password %P ".
|
||||
$pattern;
|
||||
array_unshift(
|
||||
$args,
|
||||
$this->getDetail('http-login'),
|
||||
$this->getDetail('http-pass'));
|
||||
new PhutilOpaqueEnvelope($this->getDetail('http-login')),
|
||||
new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
|
||||
break;
|
||||
default:
|
||||
throw new Exception(
|
||||
|
@ -226,13 +226,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
|||
"svn ".
|
||||
"--non-interactive ".
|
||||
"--no-auth-cache ".
|
||||
"--username %s ".
|
||||
"--password %s ".
|
||||
"--username %P ".
|
||||
"--password %P ".
|
||||
$pattern;
|
||||
array_unshift(
|
||||
$args,
|
||||
$this->getDetail('http-login'),
|
||||
$this->getDetail('http-pass'));
|
||||
new PhutilOpaqueEnvelope($this->getDetail('http-login')),
|
||||
new PhutilOpaqueEnvelope($this->getDetail('http-pass')));
|
||||
break;
|
||||
default:
|
||||
throw new Exception(
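Review bot: `%P` keeps the value out of rendered command strings, but in both svn cases (`"--password %P "`, in this hunk and in the one at -207) the password is still handed to svn as a command-line argument, so other local users can read it from the process table while the command runs. The same applies to `csprintf('-p%P', $password)` in the storage dump workflow. I would at least record that limit next to the pattern, e.g. `// NOTE: %P masks this in logs and exceptions only; the password is still passed in argv.`, and track moving the credential off the command line as a separate change. The enclosing switch starts and ends outside these hunks, so how the command is finally executed is not visible here.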
|
||||
|
|
|
@ -33,9 +33,8 @@ final class PhabricatorStorageManagementDumpWorkflow
|
|||
|
||||
$password = $api->getPassword();
|
||||
if ($password) {
|
||||
$password = $password->openEnvelope();
|
||||
if (strlen($password)) {
|
||||
$flag_password = csprintf('-p%s', $password);
|
||||
if (strlen($password->openEnvelope())) {
|
||||
$flag_password = csprintf('-p%P', $password);
|
||||
}
|
||||
}
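Review bot: The outer `if ($password)` is now only a null check on what is presumably an envelope object, because an object is always truthy in PHP, so the two nested conditions can be merged into `if ($password !== null && strlen($password->openEnvelope())) {`. Written that way, it is explicit that the envelope is opened only to test for an empty password and that the plaintext is no longer kept in a local variable. The initialisation of `$flag_password` and the command that consumes it are outside the hunk.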
|
||||
|
||||
|
|