Make csprintf() return an object, not a string
e953f5c073a6
Actions

Authored by epriestley <git@epriestley.com> on Jul 4 2013, 00:13.

Description

Make csprintf() return an object, not a string

Summary:
See discussion in D6364. This didn't turn out to be as bad as I thought.

Make csprintf() return an object which implements __toString(), but renders in either masked or unmasked modes.

The only downside to this approach is that you must use "%P". It is otherwise completey effective in masking sensitive information, even from logs and traces:

>>> [25] <exec> $ echo 'xxxxx'
<<< [25] <exec> 3,246 us
>>> [26] <exec> $ sh -c 'sh -c '\''sh -c '\''\'\'''\''echo '\''\'\'''\''\'\''\'\'''\'''\''\'\'''\''xxxxx'\''\'\'''\''\'\''\'\'''\'''\''\'\'''\'''\''\'\'''\'''\'''
<<< [26] <exec> 6,922 us
   PASS   13ms★  testPasswords

This also works in the command-which-runs-a-command case, as above.

Test Plan:

Added unit tests.
Ran arc unit --everything in libphutil, arcanist and phabricator.
Browsed around Diffusion.

Reviewers: btrahan, mbishopim3

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6366

Details

Committed

epriestley <git@epriestley.com>

Jul 4 2013, 00:13

Pushed

aubort

Mar 17 2017, 12:03

Parents

rPHUff98fffd1396: Allow UNION queries to be detected as reads for CRSF purposes

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHUe953f5c073a6: Make csprintf() return an object, not a string (authored by epriestley <git@epriestley.com>).Jul 4 2013, 00:13

Changes (7)

				Path
	M			src/__phutil_library_map__.php
	M			src/future/exec/ExecFuture.php
	M			src/future/exec/execx.php
	M			src/phage/bootloader/PhagePHPAgentBootloader.php
	A			src/xsprintf/PhutilCommandString.php
	A			src/xsprintf/__tests__/PhutilcsprintfTestCase.php
	M			src/xsprintf/csprintf.php