Page MenuHomePhabricator

Censor response bodies from Mercurial error messages
ClosedPublic

Authored by epriestley on Mar 26 2015, 4:50 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 21, 5:40 PM
Unknown Object (File)
Fri, Dec 20, 7:43 PM
Unknown Object (File)
Fri, Dec 20, 2:01 AM
Unknown Object (File)
Fri, Dec 13, 11:39 AM
Unknown Object (File)
Fri, Dec 13, 1:11 AM
Unknown Object (File)
Wed, Dec 4, 3:58 PM
Unknown Object (File)
Fri, Nov 29, 12:11 PM
Unknown Object (File)
Nov 20 2024, 3:07 PM
Subscribers

Details

Summary

Ref T6755. In Git and Subversion, running git clone http://google.com/ or svn checkout http://google.com/ does not echo the response body.

In Mercurial, it does. Censor it from the output of hg pull and hg clone. This prevents an attacker from:

  • Creating a Mercurial remote repository with URI http://10.0.0.1/secrets/; and
  • reading the secrets out of the error message after the clone fails.
Test Plan

Set a Mercurial remote URI to a non-Mercurial repository, ran repository update, saw censored error message.

Diff Detail

Repository
rP Phabricator
Branch
dnsrebind3
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 4989
Build 5007: [Placeholder Plan] Wait for 30 Seconds