revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-09-19 16:58:48 +02:00
Code Issues Releases Wiki Activity

Correct a mask config value

Browse source 
Summary:
The correct name of this key is 'github.application-secret', not
'github.secret'. Make DarkConsole check that all the masked keys exist to
prevent this from happening again. This isn't super important since this
is just intended to protected against casual security lapses (taking a
screenshot with DarkCnosole's "Config" tab open, for instance) but it's easy
to check for so it seems worthwhile to get right.

Test Plan:
Loaded page without the actual config file change, got an exception.
Fixed the config, reloaded the page, good news goats (really trying to get this
to catch on since goats are adorable).

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran
Differential Revision: 189
This commit is contained in:
epriestley 2011-04-29 22:20:52 -07:00
parent 94df249775
commit baab61a01e
3 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/default.conf.php
View file

@ -97,7 +97,7 @@ return array(
'recaptcha.private-key', 'recaptcha.private-key',
'phabricator.csrf-key', 'phabricator.csrf-key',
'facebook.application-secret', 'facebook.application-secret',
'github.secret', 'github.application-secret',
), ),
// -- MySQL --------------------------------------------------------------- // // -- MySQL --------------------------------------------------------------- //

10
src/aphront/console/plugin/config/DarkConsoleConfigPlugin.php
View file

@ -69,6 +69,16 @@ class DarkConsoleConfigPlugin extends DarkConsolePlugin {
$mask = PhabricatorEnv::getEnvConfig('darkconsole.config-mask'); $mask = PhabricatorEnv::getEnvConfig('darkconsole.config-mask');
$mask = array_fill_keys($mask, true); $mask = array_fill_keys($mask, true);
foreach ($mask as $masked_key => $ignored) {
if (!PhabricatorEnv::envConfigExists($masked_key)) {
throw new Exception(
"Configuration 'darkconsole.config-mask' masks unknown ".
"configuration key '".$masked_key."'. If this key has been ".
"renamed, you might be accidentally exposing information which you ".
"don't intend to.");
}
}
$rows = array(); $rows = array();
foreach ($config_data as $key => $value) { foreach ($config_data as $key => $value) {
if (empty($mask[$key])) { if (empty($mask[$key])) {

4
src/infrastructure/env/PhabricatorEnv.php vendored
View file

@ -27,6 +27,10 @@ final class PhabricatorEnv {
return idx(self::$env, $key, $default); return idx(self::$env, $key, $default);
} }
public static function envConfigExists($key) {
return array_key_exists($key, self::$env);
}
public static function getURI($path) { public static function getURI($path) {
return rtrim(self::getEnvConfig('phabricator.base-uri'), '/').$path; return rtrim(self::getEnvConfig('phabricator.base-uri'), '/').$path;
} }