Page MenuHomePhorge
Differential D25026

Fix incorrect quoting of author in 'arc patch'
ClosedPublic
Actions

Authored by ldanna on Oct 17 2021, 20:02.

Details

Reviewers
speck
Group Reviewers
O1: Blessed Committers
Commits
rARC4230292997ce: Fix incorrect quoting of author in 'arc patch'
Summary

Author field is formatted with csprintf, which would be appropriate
if the resulting string was concatenated into a shell command as a
string -- but because the flags are passed as a vector of strings
and not parsed by the shell, this results in extraneous shell
quoting making it into to author field. In particular this
renders my name as D'\''Anna instead of D'Anna

Test Plan

Performed 'arc patch' with and without these changes, confirmed
that my apostrophe was no longer mangled by shell quotes in the
resulting commit.

Diff Detail

Repository
rARC Arcanist
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ldanna created this revision.Oct 17 2021, 20:02
Owners added a reviewer: O1: Blessed Committers.Oct 17 2021, 20:02
Herald added subscribers: valerio.bozzolan, tobiaswiese, speck. · View Herald TranscriptOct 17 2021, 20:02
ldanna requested review of this revision.Oct 17 2021, 20:02
Harbormaster completed remote builds in B54: Diff 74.Oct 17 2021, 20:02
Ekubischta subscribed.Oct 21 2021, 13:39

I feel like this is a good change. I do not see any security vulnerabilities that could be introduced by this..

I will let everyone else chime in as shell escaping code is an attack vector

speck accepted this revision.Oct 22 2021, 15:48
This revision is now accepted and ready to land.Oct 22 2021, 15:48
speck added a comment.Oct 22 2021, 15:48

Thank you for submitting this change!

ldanna added a comment.Oct 22 2021, 22:08

@speck thanks, how do I land the change?

MacFan4000 subscribed.EditedOct 23 2021, 18:19

A member of Trusted Contributors will land it for you.

Closed by commit rARC4230292997ce: Fix incorrect quoting of author in 'arc patch'. · Explain WhyOct 23 2021, 19:02
This revision was automatically updated to reflect the committed changes.
MacFan4000 added a commit: rARC4230292997ce: Fix incorrect quoting of author in 'arc patch'.
Matthew mentioned this in 2021 Week 99 (Future).Nov 8 2021, 21:19
Matthew mentioned this in 2022 Week 37.Sep 7 2022, 22:34

Revision Contents
Changeset List

PathSizePackages
src/
workflow/
2 linesO1: Blessed Committers

Diff 75

View Options

src/workflow/ArcanistPatchWorkflow.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0