mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-24 15:52:41 +01:00
63828f5806
Summary: Ref T12470. This helps defuse attacks where an adversary can directly take control of whatever storage engine files are being stored in and change data there. These attacks would require a significant level of access. Such attackers could potentially attack ranges of AES-256-CBC encrypted files by using Phabricator as a decryption oracle if they were also able to compromise a Phabricator account with read access to the files. By storing a hash of the data (and, in the case of AES-256-CBC files, the IV) when we write files, and verifying it before we decrypt or read them, we can detect and prevent this kind of tampering. This also helps detect mundane corruption and integrity issues. Test Plan: - Added unit tests. - Uploaded new files, saw them get integrity hashes. - Manually corrupted file data, saw it fail. Used `bin/files cat --salvage` to read it anyway. - Tampered with IVs, saw integrity failures. Reviewers: chad Reviewed By: chad Maniphest Tasks: T12470 Differential Revision: https://secure.phabricator.com/D17625 |
||
|---|---|---|
| .. | ||
| PhabricatorFileIntegrityException.php | ||
| PhabricatorFileStorageConfigurationException.php | ||
| PhabricatorFileUploadException.php | ||