This is an archive of the discontinued Mercurial Phabricator instance.

debugcommands: create new debugantivirusrunning command
ClosedPublic

Authored by durin42 on Apr 1 2020, 10:46 AM.

Download Raw Diff

Details

Reviewers

marmoute
pulkit

Group Reviewers

hg-reviewers

Commits

rHG87047efbc6a6: debugcommands: create new debugantivirusrunning command

Summary

This writes the EICAR test file to .hg/cache, in an attempt to trigger
an AV scanner's scanning engine. This should let us (in theory) detect
some cases when a user's slowness is a result of AV scanning.

Diff Detail

Repository

rHG Mercurial

Branch

default

Lint

No Linters Available

Unit

No Unit Test Coverage

Event Timeline

durin42 created this revision.Apr 1 2020, 10:46 AM

Herald added a reviewer: hg-reviewers. · View Herald TranscriptApr 1 2020, 10:46 AM

Herald added a subscriber: mercurial-devel. · View Herald Transcript

durin42 updated this revision to Diff 20929.Apr 1 2020, 10:51 AM

I do not understand what the intended side-effect of running this command is supposed to be.

In D8353#124864, @indygreg wrote:

I do not understand what the intended side-effect of running this command is supposed to be.

Well, if an AV engine isn't configured to ignore the user's clone, then this will enrage the AV engine by writing out a "virus".

This started out as a joke, but I kind of came around to the realization that it could be useful. So I'm like....90% sure I think this patch makes sense. :)

Should it delete the file after writing it, or don't bother because the AV may have it locked?

In D8353#124948, @mharbison72 wrote:

Should it delete the file after writing it, or don't bother because the AV may have it locked?

I figured just leave it since it's tiny, but maybe we should sleep for a while and then remove it?

In D8353#124949, @durin42 wrote:

In D8353#124948, @mharbison72 wrote:

Should it delete the file after writing it, or don't bother because the AV may have it locked?

I figured just leave it since it's tiny, but maybe we should sleep for a while and then remove it?

That might work. I don't feel too strongly about it, but it seemed weird to leave junk in there and I only realized why as I was writing out the comment. The couple of times I've worked on viruses that evaded detection, file names are what I keyed in on.

Silly question, could make anti virus cough on the mercurial source itself?

mercurial/debugcommands.py
135–138	I think it could be useful to have a clarification of this payload is from an inline comment.

I don't think so, since it's base85-armored and my understanding is that really it's only supposed to trigger in isolation...

The approach seems good, but extra comment and cleanup would be nice.

mercurial/debugcommands.py
139	As @mharbison72 pointed out, it would be nicer to remove the file after it has been scanned.

This revision now requires changes to proceed.Apr 20 2020, 5:15 AM

durin42 updated this revision to Diff 21426.May 18 2020, 1:22 PM

Herald added a subscriber: mercurial-patches. · View Herald TranscriptMay 18 2020, 1:22 PM

Seems overall good. I have some fear over the sleep usage, butit does not seems to depends on test, and I don't know what antivirus looks like.

mercurial/debugcommands.py
143	That seems short ? that might fails on heavy load system. Also, this confused me a bit. How is the antivirus failure supposed to manifest when this code is run? I have no experience with them.

Best guess (given I've never hit an AV problem) is that the AV engine would lose its lunch on the EICAR file and alert the user. I figure if the AV engine isn't picking up on it after 2 seconds then it's probably also not a performance issue for us.

My main question here is : what does "AV engine would lose its lunch" translate in terms of the python runtime ?

Sadly I have no idea on that.

In D8353#128838, @durin42 wrote:

Sadly I have no idea on that.

Do we have a poor windows user that could serve an a guinea pig here ?

In D8353#128839, @marmoute wrote:

In D8353#128838, @durin42 wrote:

Sadly I have no idea on that.

Do we have a poor windows user that could serve an a guinea pig here ?

Seems like we are not able to find a guinea pig here. How about pushing the patch and finding one in wild? :D

In D8353#129493, @pulkit wrote:

In D8353#128839, @marmoute wrote:

In D8353#128838, @durin42 wrote:

Sadly I have no idea on that.

Do we have a poor windows user that could serve an a guinea pig here ?

Seems like we are not able to find a guinea pig here. How about pushing the patch and finding one in wild? :D

Sounds good to me.

I will go ahead and push it before upcoming rc if I hear no objections.

pulkit accepted this revision.Jul 17 2020, 1:08 PM

This revision is now accepted and ready to land.Jul 17 2020, 1:08 PM

durin42 added a commit: rHG87047efbc6a6: debugcommands: create new debugantivirusrunning command.Jul 17 2020, 2:04 PM

Closed by commit rHG87047efbc6a6: debugcommands: create new debugantivirusrunning command (authored by durin42). · Explain Why

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

			Path	Packages
M			mercurial/debugcommands.py (17 lines)
M			tests/test-completion.t (2 lines)
M			tests/test-help.t (2 lines)

Diff	ID	Description	Created	Lint	Unit
Base		Base
Diff 1	20928		Apr 1 2020, 10:46 AM	★	★
Diff 2	20929		Apr 1 2020, 10:51 AM	★	★
Diff 3	21426		May 18 2020, 1:22 PM	★	★
Diff 4	21955	rHG87047efbc6a60fbccde82a07939d3f236db5a2c3	Apr 1 2020, 9:42 AM	★	★

Commit	Parents	Author	Summary	Date
e3a34b776b61	708ad5cf5e5a	Augie Fackler		Apr 1 2020, 9:42 AM

Diff 21426

mercurial/debugcommands.py

	r = repo.changelog			r = repo.changelog
	lookup = repo.lookup			lookup = repo.lookup
	else:			else:
	raise error.Abort(_(b'either two or three arguments required'))			raise error.Abort(_(b'either two or three arguments required'))
	a = r.ancestor(lookup(rev1), lookup(rev2))			a = r.ancestor(lookup(rev1), lookup(rev2))
	ui.write(b'%d:%s\n' % (r.rev(a), hex(a)))			ui.write(b'%d:%s\n' % (r.rev(a), hex(a)))


				@command(b'debugantivirusrunning', [])
				def debugantivirusrunning(ui, repo):
				"""attempt to trigger an antivirus scanner to see if one is active"""
				with repo.cachevfs.open('eicar-test-file.com', b'wb') as f:
				f.write(
				util.b85decode(
				# This is a base85-armored version of the EICAR test file. See
				# https://en.wikipedia.org/wiki/EICAR_test_file for details.
				b'ST#=}P$fV?P+K%yP+C\|uG$>GBDK\|qyDK~v2MM*<JQY}+dK~6+LQba95P'
				marmouteUnsubmitted Not Done I think it could be useful to have a clarification of this payload is from an inline comment. marmoute: I think it could be useful to have a clarification of this payload is from an inline comment.
				b'E<)&Nm5l)EmTEQR4qnHOhq9iNGnJx'
				marmouteUnsubmitted Not Done As @mharbison72 pointed out, it would be nicer to remove the file after it has been scanned. marmoute: As @mharbison72 pointed out, it would be nicer to remove the file after it has been scanned.
				)
				)
				# Give an AV engine time to scan the file.
				time.sleep(2)
				marmouteUnsubmitted Not Done That seems short ? that might fails on heavy load system. Also, this confused me a bit. How is the antivirus failure supposed to manifest when this code is run? I have no experience with them. marmoute: That seems short ? that might fails on heavy load system. Also, this confused me a bit. How is…
				util.unlink(repo.cachevfs.join('eicar-test-file.com'))


	@command(b'debugapplystreamclonebundle', [], b'FILE')			@command(b'debugapplystreamclonebundle', [], b'FILE')
	def debugapplystreamclonebundle(ui, repo, fname):			def debugapplystreamclonebundle(ui, repo, fname):
	"""apply a stream clone bundle file"""			"""apply a stream clone bundle file"""
	f = hg.openpath(ui, fname)			f = hg.openpath(ui, fname)
	gen = exchange.readbundle(ui, f, fname)			gen = exchange.readbundle(ui, f, fname)
	gen.apply(repo)			gen.apply(repo)

tests/test-completion.t


	Do not show debug commands if there are other candidates			Do not show debug commands if there are other candidates
	$ hg debugcomplete d			$ hg debugcomplete d
	diff			diff

	Show debug commands if there are no other candidates			Show debug commands if there are no other candidates
	$ hg debugcomplete debug			$ hg debugcomplete debug
	debugancestor			debugancestor
				debugantivirusrunning
	debugapplystreamclonebundle			debugapplystreamclonebundle
	debugbackupbundle			debugbackupbundle
	debugbuilddag			debugbuilddag
	debugbundle			debugbundle
	debugcapabilities			debugcapabilities
	debugcheckstate			debugcheckstate
	debugcolor			debugcolor
	debugcommands			debugcommands
	bundle: force, rev, branch, base, all, type, ssh, remotecmd, insecure			bundle: force, rev, branch, base, all, type, ssh, remotecmd, insecure
	cat: output, rev, decode, include, exclude, template			cat: output, rev, decode, include, exclude, template
	clone: noupdate, updaterev, rev, branch, pull, uncompressed, stream, ssh, remotecmd, insecure			clone: noupdate, updaterev, rev, branch, pull, uncompressed, stream, ssh, remotecmd, insecure
	commit: addremove, close-branch, amend, secret, edit, force-close-branch, interactive, include, exclude, message, logfile, date, user, subrepos			commit: addremove, close-branch, amend, secret, edit, force-close-branch, interactive, include, exclude, message, logfile, date, user, subrepos
	config: untrusted, edit, local, global, template			config: untrusted, edit, local, global, template
	continue: dry-run			continue: dry-run
	copy: forget, after, at-rev, force, include, exclude, dry-run			copy: forget, after, at-rev, force, include, exclude, dry-run
	debugancestor:			debugancestor:
				debugantivirusrunning:
	debugapplystreamclonebundle:			debugapplystreamclonebundle:
	debugbackupbundle: recover, patch, git, limit, no-merges, stat, graph, style, template			debugbackupbundle: recover, patch, git, limit, no-merges, stat, graph, style, template
	debugbuilddag: mergeable-file, overwritten-file, new-file			debugbuilddag: mergeable-file, overwritten-file, new-file
	debugbundle: all, part-type, spec			debugbundle: all, part-type, spec
	debugcapabilities:			debugcapabilities:
	debugcheckstate:			debugcheckstate:
	debugcolor: style			debugcolor: style
	debugcommands:			debugcommands:

tests/test-help.t


	Test list of internal help commands			Test list of internal help commands

	$ hg help debug			$ hg help debug
	debug commands (internal and unsupported):			debug commands (internal and unsupported):

	debugancestor			debugancestor
	find the ancestor revision of two revisions in a given index			find the ancestor revision of two revisions in a given index
				debugantivirusrunning
				attempt to trigger an antivirus scanner to see if one is active
	debugapplystreamclonebundle			debugapplystreamclonebundle
	apply a stream clone bundle file			apply a stream clone bundle file
	debugbackupbundle			debugbackupbundle
	lists the changesets available in backup bundles			lists the changesets available in backup bundles
	debugbuilddag			debugbuilddag
	builds a repo with a given DAG from scratch in the current			builds a repo with a given DAG from scratch in the current
	empty repo			empty repo
	debugbundle lists the contents of a bundle			debugbundle lists the contents of a bundle