@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge


Don't leave temporary files around when trying to use credentials with destroyed secrets

Summary: Ref T4284. This fixes at least one problem which can cause the observed behavior.

Test Plan:
- Before applying patch, used `PHABRICATOR_CREDENTIAL=PHID-CDTL-... bin/ssh-connect` + debugging prints to verify the keyfile was written and cleaned up normally.
- Destroyed the credential, verified the temporary file was not cleaned up correctly.
- Applied patch, verified temporary file was not written and command exited with sensible error.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4284

Differential Revision: https://secure.phabricator.com/D10328

+11 -6
src/applications/passphrase/keys/PassphraseSSHKey.php
··· 17 17 18 18 $file_type = PassphraseCredentialTypeSSHPrivateKeyFile::CREDENTIAL_TYPE; 19 19 if ($credential->getCredentialType() != $file_type) { 20 - // If the credential does not store a file, write the key txt out to a 20 + // If the credential does not store a file, write the key text out to a 21 21 // temporary file so we can pass it to `ssh`. 22 22 if (!$this->keyFile) { 23 - $temporary_file = new TempFile('passphrase-ssh-key'); 23 + $secret = $credential->getSecret(); 24 + if (!$secret) { 25 + throw new Exception( 26 + pht( 27 + 'Attempting to use a credential ("%s") but the credential '. 28 + 'secret has been destroyed!', 29 + $credential->getMonogram())); 30 + } 24 31 32 + $temporary_file = new TempFile('passphrase-ssh-key'); 25 33 Filesystem::changePermissions($temporary_file, 0600); 26 - 27 - Filesystem::writeFile( 28 - $temporary_file, 29 - $credential->getSecret()->openEnvelope()); 34 + Filesystem::writeFile($temporary_file, $secret->openEnvelope()); 30 35 31 36 $this->keyFile = $temporary_file; 32 37 }
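
Review bot: The destroyed-secret guard added at new lines 23-30 sits inside the `$credential->getCredentialType() != $file_type` branch, so the lines shown here only protect credentials that store key text. A credential of the private-key-file type with a destroyed secret takes the other path, which this hunk does not show; confirm that path fails just as cleanly, or move the `getSecret()` check above the type test so both cases share it. The guard also throws a bare `Exception`; a more specific exception class would let callers such as `bin/ssh-connect` distinguish a destroyed secret from other failures. Creating the `TempFile` only after the secret is known to exist is the right ordering, and it keeps `changePermissions(..., 0600)` ahead of `writeFile`, so key material is never written before the mode is tightened.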