Page MenuHomePhabricator
Differential D19758

Work around a Windows escaping issue and security conecern in "hg cat --output ..."
ClosedPublic
Actions

Authored by epriestley on Oct 25 2018, 2:01 AM.
Tags
None
Referenced Files
Unknown Object (File)
Apr 16 2026, 3:16 PM
Unknown Object (File)
Mar 9 2026, 6:57 PM
Unknown Object (File)
Mar 7 2026, 3:03 AM
Unknown Object (File)
Mar 3 2026, 10:27 PM
Unknown Object (File)
Feb 28 2026, 10:06 PM
Unknown Object (File)
Feb 28 2026, 5:01 PM
Unknown Object (File)
Jan 11 2026, 8:43 PM
Unknown Object (File)
Dec 28 2025, 8:42 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13209: How To Properly Escape Commands on Windows (A Dark Tragedy)
T13210: Plans: 2018 Week 41-44 Bonus Content
Commits
rARCea6796fea5d0: (stable) Promote 2018 Week 43
rARC637c6584c6ea: (experimental) Work around a Windows escaping issue and security conecern in…
rARC83661809e532: Work around a Windows escaping issue and security conecern in "hg cat --output .
Summary

See PHI904. Ref T13210. Ref T13209. Currently, we have an hg cat construction which attempts to pass a literal %p to Mercurial. This fails because you can't pass % through %s outside of wilds.

It also uses %C to pass a list of file paths. This is broadly unsafe and can cause command execution if you modify a file named, e.g., ; rm -rf xyz or similar. I think it would be difficult to turn this into an attack but it's fairly bad. This dates from D5144 in 2013.

Test Plan

With this patch, created D19757 which has valid binary data (see F5962134).

Diff Detail

Repository
rARC Arcanist
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
repository/
api/
12 lines

Diff 47208

View Options

src/repository/api/ArcanistMercurialAPI.php

Loading...
Phabricator · Built by Phacility