Create AphrontWriteGuard, a backup mechanism for CSRF validation
39b4d20ce528
Actions

Authored by epriestley <git@epriestley.com> on Aug 3 2011, 20:49.

Description

Create AphrontWriteGuard, a backup mechanism for CSRF validation

Summary:
Provide a catchall mechanism to find unprotected writes.

Depends on D758.
Similar to WriteOnHTTPGet stuff from Facebook's stack.
Since we have a small number of storage mechanisms and highly structured

read/write pathways, we can explicitly answer the question "is this page
performing a write?".

Never allow writes without CSRF checks.
This will probably break some things. That's fine: they're CSRF

vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.

**>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!

<<<**

Test Plan:

Ran some scripts that perform writes (scripts/search indexers), no issues.
Performed normal CSRF submits.
Added writes to an un-CSRF'd page, got an exception.
Executed conduit methods.
Did login/logout (this works because the logged-out user validates the

logged-out csrf "token").

Did OAuth login.
Did OAuth registration.

Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777

Details

Committed

epriestley <git@epriestley.com>

Aug 16 2011, 22:29

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH68c30e1a714a: Provide a setting which forces all file views to be served from an alternate…

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH39b4d20ce528: Create AphrontWriteGuard, a backup mechanism for CSRF validation (authored by epriestley <git@epriestley.com>).Aug 16 2011, 22:29

Changes (31)

		Path
M		scripts/__init_script__.php
M		src/__phutil_library_map__.php
A	(dir)	src/aphront/writeguard/
A		src/aphront/writeguard/AphrontWriteGuard.php
A		src/aphront/writeguard/__init__.php
A	(dir)	src/aphront/writeguard/scopeguard/
P		src/aphront/writeguard/scopeguard/AphrontScopedUnguardedWriteCapability.php Copied from src/applications/maniphest/storage/base/ManiphestDAO.php
A		src/aphront/writeguard/scopeguard/__init__.php
M		src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php
M		src/applications/auth/controller/oauth/__init__.php
M		src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
M		src/applications/conduit/controller/api/__init__.php
M		src/applications/conduit/method/base/ConduitAPIMethod.php
M		src/applications/conduit/method/conduit/connect/ConduitAPI_conduit_connect_Method.php
M		src/applications/conduit/method/daemon/launched/ConduitAPI_daemon_launched_Method.php
M		src/applications/conduit/method/daemon/log/ConduitAPI_daemon_log_Method.php
M		src/applications/differential/view/inlinecomment/DifferentialInlineCommentView.php
M		src/applications/differential/view/inlinecomment/__init__.php
M		src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
M		src/applications/differential/view/revisioncomment/__init__.php
M		src/applications/files/engine/localdisk/PhabricatorLocalDiskFileStorageEngine.php
M		src/applications/files/engine/localdisk/__init__.php
M		src/applications/files/engine/s3/PhabricatorS3FileStorageEngine.php
M		src/applications/files/engine/s3/__init__.php
M		src/applications/maniphest/view/transactiondetail/ManiphestTransactionDetailView.php
M		src/applications/maniphest/view/transactiondetail/__init__.php
M		src/applications/people/storage/user/PhabricatorUser.php
M		src/applications/people/storage/user/__init__.php
M		src/storage/connection/mysql/AphrontMySQLDatabaseConnection.php
M		src/storage/connection/mysql/__init__.php
M		webroot/index.php