mirror of https://we.phorge.it/source/phorge.git synced 2025-01-22 04:31:13 +01:00
phorge-phorge/src/applications/config/check
epriestley eb73cb68ff Raise a setup warning when locked configuration has a configuration value stored in the database
Summary:
Ref T13249. See <https://discourse.phabricator-community.org/t/configuring-the-number-of-taskmaster-daemons/2394/>.

Today, when a configuration value is "locked", we prevent //writes// to the database. However, we still perform reads. When you upgrade, we generally don't want a bunch of your configuration to change by surprise.

Some day, I'd like to stop reading locked configuration from the database. This would defuse an escalation where an attacker finds a way to write to locked configuration despite safeguards, e.g. through SQL injection or policy bypass. Today, they could write to `cluster.mailers` or similar and substantially escalate access. A better behavior would be to ignore database values for `cluster.mailers` and other locked config, so that these impermissible writes have no effect.

Doing this today would break a lot of installs, but we can warn them about it now and then make the change at a later date.

Test Plan:
  - Forced a `phd.taskmasters` config value into the database.
  - Saw setup warning.
  - Used `bin/config delete --database phd.taskmasters` to clear the warning.
  - Reviewed documentation changes.
  - Reviewed `phd.taskmasters` documentation adjustment.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13249

Differential Revision: https://secure.phabricator.com/D20159
2019-02-13 12:27:48 -08:00
__tests__ Add a bunch of tests for subclass implementations 2015-06-15 18:13:27 +10:00
PhabricatorAuthSetupCheck.php Config - make "No auth providers configured" check use proper hyperlinking technology 2015-06-16 14:49:52 -07:00
PhabricatorBaseURISetupCheck.php Improve "Host" header check 2015-02-26 14:37:48 -08:00
PhabricatorBinariesSetupCheck.php Move Phabricator to use PhutilBinaryAnalyzer and show binary versions 2017-08-01 07:14:48 -07:00
PhabricatorCacheSetupCheck.php Redesign Config Application 2016-08-29 15:49:49 -07:00
PhabricatorDaemonsSetupCheck.php Be less strict when detecting dead daemons 2017-02-22 14:11:28 -08:00
PhabricatorDatabaseSetupCheck.php When storage is partitioned, refuse to serve requests unless web and databases agree on partitioning 2016-11-22 04:15:46 -08:00
PhabricatorElasticsearchSetupCheck.php Don't fatal in ElasticSearch setup check if no "master" database is configured 2017-08-17 10:39:00 -07:00
PhabricatorExtensionsSetupCheck.php Remove "iconv" PHP extension dependency 2019-01-30 19:46:58 -08:00
PhabricatorExtraConfigSetupCheck.php Raise a setup warning when locked configuration has a configuration value stored in the database 2019-02-13 12:27:48 -08:00
PhabricatorFileinfoSetupCheck.php phtize all the things 2015-05-22 21:16:39 +10:00
PhabricatorGDSetupCheck.php Include extension name for GDSetupCheck. 2018-01-24 16:02:28 -05:00
PhabricatorImagemagickSetupCheck.php phtize all the things 2015-05-22 21:16:39 +10:00
PhabricatorInvalidConfigSetupCheck.php Split Setup Issues into Groups 2015-02-10 12:53:00 -08:00
PhabricatorMailSetupCheck.php Resurrect setup check for cluster.mailers 2019-01-16 12:14:36 -08:00
PhabricatorManualActivitySetupCheck.php Add migration to encourage rebuilding repository identities 2018-08-10 13:47:03 -07:00
PhabricatorMySQLSetupCheck.php Add setup warnings for "local_infile" (MySQL Server) and "mysql[i].allow_local_infile" (PHP Client) 2019-01-18 19:49:48 -08:00
PhabricatorPathSetupCheck.php Rename "PhabricatorHash::digest()" to "weakDigest()" 2017-04-06 15:43:33 -07:00
PhabricatorPHPConfigSetupCheck.php Add setup warnings for "local_infile" (MySQL Server) and "mysql[i].allow_local_infile" (PHP Client) 2019-01-18 19:49:48 -08:00
PhabricatorPHPPreflightSetupCheck.php Make the "PHP 7" setup warning more explicit about what it means 2019-01-24 15:09:00 -08:00
PhabricatorPygmentSetupCheck.php Fix message about pygments being in $PATH 2015-10-16 09:51:39 -07:00
PhabricatorRepositoriesSetupCheck.php Store Almanac "service types" instead of "service classes" 2016-02-26 06:21:50 -08:00
PhabricatorSecuritySetupCheck.php Fix errors found by PHPStan 2017-02-17 10:10:15 +00:00
PhabricatorSetupCheck.php Fix two cache issues (global settings; initial setup) 2016-12-11 08:28:10 -08:00
PhabricatorStorageSetupCheck.php Fix spelling 2017-10-09 10:48:04 -07:00
PhabricatorTimezoneSetupCheck.php Remove duplicated duplicated words 2015-06-27 08:43:44 -07:00
PhabricatorWebServerSetupCheck.php Add a setup check for installation on a burstable instance type 2016-12-09 08:32:16 -08:00