From baab61a01e44afde6913c0cc35f91ee582b08f45 Mon Sep 17 00:00:00 2001 From: epriestley Date: Fri, 29 Apr 2011 22:20:52 -0700 Subject: [PATCH] Correct a mask config value Summary: The correct name of this key is 'github.application-secret', not 'github.secret'. Make DarkConsole check that all the masked keys exist to prevent this from happening again. This isn't super important since this is just intended to protected against casual security lapses (taking a screenshot with DarkCnosole's "Config" tab open, for instance) but it's easy to check for so it seems worthwhile to get right. Test Plan: Loaded page without the actual config file change, got an exception. Fixed the config, reloaded the page, good news goats (really trying to get this to catch on since goats are adorable). Reviewed By: aran Reviewers: tuomaspelkonen, jungejason, aran CC: aran Differential Revision: 189 --- conf/default.conf.php | 2 +- .../console/plugin/config/DarkConsoleConfigPlugin.php | 10 ++++++++++ src/infrastructure/env/PhabricatorEnv.php | 4 ++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/conf/default.conf.php b/conf/default.conf.php index 956d7c5fe8..0548384a65 100644 --- a/conf/default.conf.php +++ b/conf/default.conf.php @@ -97,7 +97,7 @@ return array( 'recaptcha.private-key', 'phabricator.csrf-key', 'facebook.application-secret', - 'github.secret', + 'github.application-secret', ), // -- MySQL --------------------------------------------------------------- // diff --git a/src/aphront/console/plugin/config/DarkConsoleConfigPlugin.php b/src/aphront/console/plugin/config/DarkConsoleConfigPlugin.php index bd67c45f2b..2e9a45bb3a 100644 --- a/src/aphront/console/plugin/config/DarkConsoleConfigPlugin.php +++ b/src/aphront/console/plugin/config/DarkConsoleConfigPlugin.php 
@@ -69,6 +69,16 @@ class DarkConsoleConfigPlugin extends DarkConsolePlugin { $mask = PhabricatorEnv::getEnvConfig('darkconsole.config-mask'); $mask = array_fill_keys($mask, true); + foreach ($mask as $masked_key => $ignored) { + if (!PhabricatorEnv::envConfigExists($masked_key)) { + throw new Exception( + "Configuration 'darkconsole.config-mask' masks unknown ". + "configuration key '".$masked_key."'. If this key has been ". + "renamed, you might be accidentally exposing information which you ". + "don't intend to."); + } + } + $rows = array(); foreach ($config_data as $key => $value) { if (empty($mask[$key])) { diff --git a/src/infrastructure/env/PhabricatorEnv.php b/src/infrastructure/env/PhabricatorEnv.php index 54fdc3d64f..07b0edcbe3 100644 --- a/src/infrastructure/env/PhabricatorEnv.php +++ b/src/infrastructure/env/PhabricatorEnv.php @@ -27,6 +27,10 @@ final class PhabricatorEnv { return idx(self::$env, $key, $default); } + public static function envConfigExists($key) { + return array_key_exists($key, self::$env); + } + public static function getURI($path) { return rtrim(self::getEnvConfig('phabricator.base-uri'), '/').$path; }
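Review bot: The new loop validates each masked key with `PhabricatorEnv::envConfigExists()`, but the rows below it are built from `$config_data`, which is populated outside this hunk. If that array is ever a snapshot or subset of the live environment, a mask entry can pass the check and still match nothing that is rendered. Checking the displayed data directly, `if (!array_key_exists($masked_key, $config_data)) {`, would tie the guard to what the tab actually shows. The throw is fail-closed, which suits a masking control, so a comment above the loop should say it is deliberate, e.g. `// Fail closed: a mask entry matching no key usually means a renamed secret is now shown unmasked.` The check runs only when this plugin renders, so a stale mask is not caught at config load time.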
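Review bot: `envConfigExists()` is added without a doc comment, and the mask check in DarkConsoleConfigPlugin depends on a detail of it that is easy to miss. `array_key_exists` reports a key as present even when its value is `null`, so a secret left at a null default still counts as a valid mask target. I would add a short docblock saying that the method tests whether the key is declared in the loaded configuration regardless of its value, and that callers wanting the value should use `getEnvConfig()`. The class body continues outside the hunk.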