
Work around a Windows escaping issue and security concern in "hg cat --output ..."
Closed, Public

Authored by epriestley on Oct 25 2018, 2:01 AM.

Details

Summary

See PHI904. Ref T13210. Ref T13209. Currently, we have an hg cat construction which attempts to pass a literal %p to Mercurial. This fails because you can't pass % through %s outside of wilds.

It also uses %C to pass a list of file paths. This is broadly unsafe and can cause command execution if you modify a file named, e.g., "; rm -rf xyz" or similar. I think it would be difficult to turn this into an attack, but it's fairly bad. This dates from D5144 in 2013.

Test Plan

With this patch, created D19757 which has valid binary data (see F5962134).
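The %C problem described in the summary, shown as an added example that is not part of this revision or of Arcanist's code. The shell_format() function below is a hypothetical Python stand-in for the three libphutil csprintf() conversions the summary contrasts: %s quotes one argument, %Ls quotes each element of a list, and %C splices raw text. The file list, the hostile file name (a harmless "; echo INJECTED" instead of "rm -rf"), and the use of printf as a stand-in for hg cat are constructed for the demonstration; the commands are run through POSIX sh, so the cmd.exe side of the Windows escaping issue is not modelled here.

```python
import re
import shlex
import subprocess
from typing import List, Sequence

# Conversions supported by this stand-in formatter (assumption: a subset of csprintf).
_SPEC = re.compile(r"%(Ls|s|C|%)")


def shell_format(fmt: str, *args) -> str:
    """Build a shell command string.

    %s  -> one argument, shell-quoted
    %Ls -> a list, each element shell-quoted separately
    %C  -> raw text spliced in verbatim (the unsafe conversion)
    %%  -> a literal percent sign in the command
    """
    pending = list(args)

    def sub(match: "re.Match[str]") -> str:
        spec = match.group(1)
        if spec == "%":
            return "%"
        value = pending.pop(0)
        if spec == "s":
            return shlex.quote(str(value))
        if spec == "Ls":
            return " ".join(shlex.quote(str(v)) for v in value)
        return str(value)  # %C: no escaping at all

    command = _SPEC.sub(sub, fmt)
    if pending:
        raise ValueError("too many arguments for format string")
    return command


# Constructed input: a normal path plus a file name that carries a shell metacharacter.
PATHS: List[str] = ["src/a.txt", "; echo INJECTED"]


def cat_command_unsafe(paths: Sequence[str]) -> str:
    """The pre-patch shape: the joined path list goes through %C, so the shell
    sees the ';' in the second file name as a command separator."""
    return shell_format("printf '%%s\\n' %C", " ".join(paths))


def cat_command_safe(paths: Sequence[str]) -> str:
    """The post-patch shape: each path is quoted individually via %Ls."""
    return shell_format("printf '%%s\\n' %Ls", paths)


def output_pattern_command(pattern: str, paths: Sequence[str]) -> str:
    """Pass a literal pattern such as hg's '%p' as an ordinary %s argument;
    the only percent that needs doubling is one written in the format itself."""
    return shell_format("hg cat --output %s %Ls", pattern, paths)


def run_lines(command: str) -> List[str]:
    """Run the command through sh and return the lines it printed."""
    result = subprocess.run(["sh", "-c", command], capture_output=True, text=True)
    return result.stdout.splitlines()


if __name__ == "__main__":
    print("unsafe:", run_lines(cat_command_unsafe(PATHS)))
    print("safe:  ", run_lines(cat_command_safe(PATHS)))
    print(output_pattern_command("%p", PATHS))
```

With the unsafe form the shell prints "INJECTED" as a second command's output; with the quoted form both entries come back as the file names they are, metacharacter included. The check to carry into review of any csprintf-style call is that %C only ever receives text the code itself composed, never a path, branch name or other repository-controlled string.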

Diff Detail

Repository
rARC Arcanist
Lint
Lint Not Applicable
Unit
Tests Not Applicable