F13967152
D10561.diff
No One
Temporary
Size
3 KB
D10561.diff
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2256,6 +2256,7 @@
'PhabricatorSetupCheckPath' => 'applications/config/check/PhabricatorSetupCheckPath.php',
'PhabricatorSetupCheckPygment' => 'applications/config/check/PhabricatorSetupCheckPygment.php',
'PhabricatorSetupCheckRepositories' => 'applications/config/check/PhabricatorSetupCheckRepositories.php',
+ 'PhabricatorSetupCheckSecurity' => 'applications/config/check/PhabricatorSetupCheckSecurity.php',
'PhabricatorSetupCheckStorage' => 'applications/config/check/PhabricatorSetupCheckStorage.php',
'PhabricatorSetupCheckTimezone' => 'applications/config/check/PhabricatorSetupCheckTimezone.php',
'PhabricatorSetupIssue' => 'applications/config/issue/PhabricatorSetupIssue.php',
@@ -5240,6 +5241,7 @@
'PhabricatorSetupCheckPath' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckPygment' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckRepositories' => 'PhabricatorSetupCheck',
+ 'PhabricatorSetupCheckSecurity' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckStorage' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckTimezone' => 'PhabricatorSetupCheck',
'PhabricatorSetupIssueExample' => 'PhabricatorUIExample',
diff --git a/src/applications/config/check/PhabricatorSetupCheckSecurity.php b/src/applications/config/check/PhabricatorSetupCheckSecurity.php
new file mode 100644
--- /dev/null
+++ b/src/applications/config/check/PhabricatorSetupCheckSecurity.php
@@ -0,0 +1,49 @@
+<?php
+
+final class PhabricatorSetupCheckSecurity extends PhabricatorSetupCheck {
+
+ protected function executeChecks() {
+
+ // This checks for a version of bash with the "Shellshock" vulnerability.
+ // For details, see T6185.
+
+ $payload = array(
+ 'SHELLSHOCK_PAYLOAD' => '() { :;} ; echo VULNERABLE',
+ );
+
+ list($err, $stdout) = id(new ExecFuture('echo shellshock-test'))
+ ->setEnv($payload, $wipe_process_env = true)
+ ->resolve();
+
+ if (!$err && preg_match('/VULNERABLE/', $stdout)) {
+ $summary = pht(
+ 'This system has an unpatched version of Bash with a severe, widely '.
+ 'disclosed vulnerability.');
+
+ $message = pht(
+ 'The version of %s on this system is out of date and contains a '.
+ 'major, widely disclosed vulnerability (the "Shellshock" '.
+ 'vulnerability).'.
+ "\n\n".
+ 'Upgrade %s to a patched version.'.
+ "\n\n".
+ 'To learn more about how this issue affects Phabricator, see %s.',
+ phutil_tag('tt', array(), 'bash'),
+ phutil_tag('tt', array(), 'bash'),
+ phutil_tag(
+ 'a',
+ array(
+ 'href' => 'https://secure.phabricator.com/T6185',
+ 'target' => '_blank',
+ ),
+ pht('T6185 "Shellshock" Bash Vulnerability')));
+
+ $this
+ ->newIssue('security.shellshock')
+ ->setName(pht('Severe Security Vulnerability: Unpatched Bash'))
+ ->setSummary($summary)
+ ->setMessage($message);
+ }
+
+ }
+}
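Review bot: The condition `if (!$err && preg_match('/VULNERABLE/', $stdout))` in `executeChecks()` treats every outcome other than a clean run that prints the marker as "not vulnerable", so a probe that failed to execute looks the same to the administrator as a patched bash. The probe also exercises only whichever shell ExecFuture starts for `echo shellshock-test`; if that shell is not bash (presumably it is `/bin/sh`, which is dash on some distributions; confirm), a vulnerable bash elsewhere on the host goes unreported even though the message talks about the version of bash "on this system". The payload covers the original function-import flaw only, so a bash carrying just the first, incomplete fix would likely pass as well. I would document these limits above `$payload`, for example `// NOTE: Only detects the original function-import bug in the shell ExecFuture invokes; a clean result does not prove bash is fully patched.`, and consider raising a separate, lower-severity issue when `$err` is nonzero so that an inconclusive probe is visible.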
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Oct 17 2024, 12:03 PM (4 w, 4 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6710537
Default Alt Text
D10561.diff (3 KB)
Attached To
Mode
D10561: Add a setup issue to detect systems vulnerable to "Shellshock"
Attached