HomePhabricator

Prevent the use of `file://` URIs in Diffusion

Description

Prevent the use of file:// URIs in Diffusion

Summary:
Via HackerOne. There are two attacks here:

  • Configuring mirroring to a file:// URI to place files on disk or overwrite another repository. This is not particularly severe.
  • Configuring cloning from a file:// URI to read repositories you should not have access to. This is more severe.

Historically, repository creation and editing explicitly supported file:// URIs to deal with use cases where you had something else managing repositories on the same machine. Since there were no permissions, repository management was admin-only, and you couldn't mirror, this was fine.

As we've evolved, this use case is a tiny minority use case and the security implications of file:// URIs overwhelm the utility it provides. Prevent the use of file:// URIs. Existing configured repositories won't stop working, you just can't add any new ones.

Also prevent localPath from being set via Conduit (see T4039).

Test Plan:

  • Tried to create a file:// repository.
  • Tried to create a file:// mirror.
  • Tried to create a file:// repository via Conduit.
  • Created a non-file:// repository.
  • Created a non-file:// mirror.
  • Created a non-file:// repository via Conduit.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9513

Details

Provenance
epriestleyAuthored on
epriestleyPushed on Jun 13 2014, 2:07 PM
Reviewer
chad
Differential Revision
D9513: Prevent the use of `file://` URIs in Diffusion
Parents
rP993b73596adf: Fix wording of 'bin/remove' prompt for repositories
Branches
Unknown
Tags
Unknown

Event Timeline