Censor response bodies from Mercurial error messages
a4bfed8415c7
Actions

Description

Censor response bodies from Mercurial error messages

Summary:
Ref T6755. In Git and Subversion, running git clone http://google.com/ or svn checkout http://google.com/ does not echo the response body.

In Mercurial, it does. Censor it from the output of hg pull and hg clone. This prevents an attacker from:

Creating a Mercurial remote repository with URI http://10.0.0.1/secrets/; and
reading the secrets out of the error message after the clone fails.

Test Plan: Set a Mercurial remote URI to a non-Mercurial repository, ran repository update, saw censored error message.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12170

Details

Provenance

epriestley	Authored on
epriestley	Pushed on Mar 26 2015, 6:13 PM

Reviewer

btrahan

Differential Revision

D12170: Censor response bodies from Mercurial error messages

Parents

rP40fb0f98df6c: Mostly defuse DNS rebinding attack for outbound requests

Branches

Unknown

Tags

Unknown

Tasks

T6755: Allow more granular configuration of `security.allow-outbound-http`

Event Timeline

epriestley committed rPa4bfed8415c7: Censor response bodies from Mercurial error messages (authored by epriestley).Mar 26 2015, 6:13 PM

epriestley added a task: T6755: Allow more granular configuration of `security.allow-outbound-http`.

Changes (1)

Path

Size

src/

applications/

repository/

engine/

PhabricatorRepositoryPullEngine.php

rPa4bfed8415c7

View Options

src/applications/repository/engine/PhabricatorRepositoryPullEngine.php