Page MenuHomePhabricator

Work around a Windows escaping issue and security conecern in "hg cat --output ..."
ClosedPublic

Authored by epriestley on Oct 25 2018, 2:01 AM.

Details

Summary

See PHI904. Ref T13210. Ref T13209. Currently, we have an hg cat construction which attempts to pass a literal %p to Mercurial. This fails because you can't pass % through %s outside of wilds.

It also uses %C to pass a list of file paths. This is broadly unsafe and can cause command execution if you modify a file named, e.g., ; rm -rf xyz or similar. I think it would be difficult to turn this into an attack but it's fairly bad. This dates from D5144 in 2013.

Test Plan

With this patch, created D19757 which has valid binary data (see F5962134).

Diff Detail

Repository
rARC Arcanist
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Oct 25 2018, 2:01 AM
epriestley requested review of this revision.Oct 25 2018, 2:02 AM
amckinley accepted this revision.Oct 26 2018, 1:57 AM
This revision is now accepted and ready to land.Oct 26 2018, 1:57 AM
This revision was automatically updated to reflect the committed changes.