Page MenuHomePhabricator

Censor response bodies from Mercurial error messages
ClosedPublic

Authored by epriestley on Mar 26 2015, 4:50 PM.

Details

Summary

Ref T6755. In Git and Subversion, running git clone http://google.com/ or svn checkout http://google.com/ does not echo the response body.

In Mercurial, it does. Censor it from the output of hg pull and hg clone. This prevents an attacker from:

  • Creating a Mercurial remote repository with URI http://10.0.0.1/secrets/; and
  • reading the secrets out of the error message after the clone fails.
Test Plan

Set a Mercurial remote URI to a non-Mercurial repository, ran repository update, saw censored error message.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.