
Censor response bodies from Mercurial error messages
ClosedPublic

Authored by epriestley on Mar 26 2015, 4:50 PM.

Details

Summary

Ref T6755. In Git and Subversion, running git clone http://google.com/ or svn checkout http://google.com/ does not echo the response body.

In Mercurial, it does. Censor it from the output of hg pull and hg clone. This prevents an attacker from:

  • Creating a Mercurial remote repository with URI http://10.0.0.1/secrets/; and
  • reading the secrets out of the error message after the clone fails.
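The failure mode the summary describes can be reproduced with a filter over the text Mercurial prints. The block below is an added illustration, not Phabricator's own (PHP) fix from this revision, and it assumes the format Mercurial uses for the "does not appear to be an hg repository" abort: the fetched response body is printed between two `---%<---` cut-mark lines, with the content type in parentheses on the opening mark. The sample error text is constructed for the example. The filter deliberately censors from the first cut-mark line to the last one, and to end-of-output when no closing mark is present, so a response body that itself contains a `---%<---` line, or output that was truncated, cannot smuggle part of the body past the filter.

```python
import re

# Mercurial (httppeer) reports a non-hg HTTP response roughly as:
#   abort: 'http://10.0.0.1/secrets/' does not appear to be an hg repository:
#   ---%<--- (text/plain)
#   ...the remote server's response body...
#   ---%<---
# The delimiter format is assumed from Mercurial's 3.x output; the body between
# the cut-marks is attacker-readable remote content and must not be echoed.
CUT_MARK = "---%<---"
REPLACEMENT = "<censored: response body removed>"

# A cut-mark line may carry an optional "(content-type)" annotation.
_CUT_MARK_LINE = re.compile(r"^" + re.escape(CUT_MARK) + r"(?:[ \t]*\([^)\n]*\))?[ \t]*$")


def censor_mercurial_response_body(message: str, replacement: str = REPLACEMENT) -> str:
    """Return `message` with every echoed HTTP response body replaced.

    The diagnostic around the body (the abort line, the opening cut-mark with
    its content type, the closing cut-mark and anything after it) is kept so
    the error stays useful to the operator.
    """
    lines = message.split("\n")
    marks = [i for i, line in enumerate(lines) if _CUT_MARK_LINE.match(line)]
    if not marks:
        # Nothing echoed: leave the message untouched.
        return message

    first, last = marks[0], marks[-1]
    if first == last:
        # Only an opening mark: the output was truncated or the closing mark is
        # missing. Everything after the opening mark is the body; drop it all and
        # synthesize a closing mark so the result still reads as a complete block.
        return "\n".join(lines[: first + 1] + [replacement, CUT_MARK])

    # Greedy span: from the first cut-mark line to the LAST one. A body that
    # contains its own "---%<---" line is therefore censored in full instead of
    # terminating the censored region early.
    return "\n".join(lines[: first + 1] + [replacement] + lines[last:])


# Constructed sample of what `hg pull` prints when the remote is a plain HTTP
# server serving a secrets file (not real Mercurial output from any system).
SAMPLE_ERROR = (
    "abort: 'http://10.0.0.1/secrets/' does not appear to be an hg repository:\n"
    + CUT_MARK + " (text/plain)\n"
    "db_password=hunter2\n"
    "api_token=abc123\n"
    + CUT_MARK + "\n"
)

if __name__ == "__main__":
    print(censor_mercurial_response_body(SAMPLE_ERROR))
```

Applied to the sample, the output keeps the abort line and the `(text/plain)` annotation and replaces the two secret lines with the placeholder. Run the censor on both stdout and stderr of the `hg` process; the body is part of the abort message, which Mercurial writes to stderr.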
Test Plan

Set a Mercurial remote URI to a non-Mercurial repository, ran repository update, saw censored error message.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable