Commitffddedf

committed

Use copy and not inplace remove password + working case test

1 parent50cbafc commitffddedfCopy full SHA for ffddedf

File tree

4 files changed

+21

-13

lines changed

git
- cmd.py
- util.py
test
- test_repo.py
- test_util.py

4 files changed

+21

-13

lines changed

`‎git/cmd.py`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -405,7 +405,7 @@ def read_all_from_possibly_closed_stream(stream):`
`405`	`405`	`ifstatus!=0:`
`406`	`406`	`errstr=read_all_from_possibly_closed_stream(self.proc.stderr)`
`407`	`407`	`log.debug('AutoInterrupt wait stderr: %r'% (errstr,))`
`408`		`-raiseGitCommandError(self.args,status,errstr)`
	`408`	`+raiseGitCommandError(remove_password_if_present(self.args),status,errstr)`
`409`	`409`	`# END status handling`
`410`	`410`	`returnstatus`
`411`	`411`	`# END auto interrupt`
`@@ -638,7 +638,7 @@ def execute(self, command,`
`638`	`638`
`639`	`639`	`:param env:`
`640`	`640`	A dictionary of environment variables to be passed to `subprocess.Popen`.
`641`		`-`
	`641`	`+`
`642`	`642`	`:param max_chunk_size:`
`643`	`643`	`Maximum number of bytes in one chunk of data passed to the output_stream in`
`644`	`644`	`one invocation of write() method. If the given number is not positive then`
`@@ -706,7 +706,7 @@ def execute(self, command,`
`706`	`706`	`ifis_win:`
`707`	`707`	`cmd_not_found_exception=OSError`
`708`	`708`	`ifkill_after_timeout:`
`709`		`-raiseGitCommandError(command,'"kill_after_timeout" feature is not supported on Windows.')`
	`709`	`+raiseGitCommandError(redacted_command,'"kill_after_timeout" feature is not supported on Windows.')`
`710`	`710`	`else:`
`711`	`711`	`ifsys.version_info[0]>2:`
`712`	`712`	`cmd_not_found_exception=FileNotFoundError# NOQA # exists, flake8 unknown @UndefinedVariable`
`@@ -721,7 +721,7 @@ def execute(self, command,`
`721`	`721`	`ifistream:`
`722`	`722`	`istream_ok="<valid stream>"`
`723`	`723`	`log.debug("Popen(%s, cwd=%s, universal_newlines=%s, shell=%s, istream=%s)",`
`724`		`-command,cwd,universal_newlines,shell,istream_ok)`
	`724`	`+redacted_command,cwd,universal_newlines,shell,istream_ok)`
`725`	`725`	`try:`
`726`	`726`	`proc=Popen(command,`
`727`	`727`	`env=env,`
`@@ -737,7 +737,7 @@ def execute(self, command,`
`737`	`737`	`**subprocess_kwargs`
`738`	`738`	`)`
`739`	`739`	`exceptcmd_not_found_exceptionaserr:`
`740`		`-raiseGitCommandNotFound(command,err)fromerr`
	`740`	`+raiseGitCommandNotFound(redacted_command,err)fromerr`
`741`	`741`
`742`	`742`	`ifas_process:`
`743`	`743`	`returnself.AutoInterrupt(proc,command)`
`@@ -787,7 +787,7 @@ def _kill_process(pid):`
`787`	`787`	`watchdog.cancel()`
`788`	`788`	`ifkill_check.isSet():`
`789`	`789`	`stderr_value= ('Timeout: the command "%s" did not complete in %d '`
`790`		`-'secs.'% (" ".join(command),kill_after_timeout))`
	`790`	`+'secs.'% (" ".join(redacted_command),kill_after_timeout))`
`791`	`791`	`ifnotuniversal_newlines:`
`792`	`792`	`stderr_value=stderr_value.encode(defenc)`
`793`	`793`	`# strip trailing "\n"`
`@@ -811,7 +811,7 @@ def _kill_process(pid):`
`811`	`811`	`proc.stderr.close()`
`812`	`812`
`813`	`813`	`ifself.GIT_PYTHON_TRACE=='full':`
`814`		`-cmdstr=" ".join(command)`
	`814`	`+cmdstr=" ".join(redacted_command)`
`815`	`815`
`816`	`816`	`defas_text(stdout_value):`
`817`	`817`	`returnnotoutput_streamandsafe_decode(stdout_value)or'<OUTPUT_STREAM>'`
`@@ -827,7 +827,7 @@ def as_text(stdout_value):`
`827`	`827`	`# END handle debug printing`
`828`	`828`
`829`	`829`	`ifwith_exceptionsandstatus!=0:`
`830`		`-raiseGitCommandError(command,status,stderr_value,stdout_value)`
	`830`	`+raiseGitCommandError(redacted_command,status,stderr_value,stdout_value)`
`831`	`831`
`832`	`832`	`ifisinstance(stdout_value,bytes)andstdout_as_string:# could also be output_stream`
`833`	`833`	`stdout_value=safe_decode(stdout_value)`

`‎git/util.py`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -349,7 +349,9 @@ def remove_password_if_present(cmdline):`
`349`	`349`
`350`	`350`	`This should be used for every log line that print a command line.`
`351`	`351`	`"""`
	`352`	`+new_cmdline= []`
`352`	`353`	`forindex,to_parseinenumerate(cmdline):`
	`354`	`+new_cmdline.append(to_parse)`
`353`	`355`	`try:`
`354`	`356`	`url=urlsplit(to_parse)`
`355`	`357`	`# Remove password from the URL if present`
`@@ -358,11 +360,11 @@ def remove_password_if_present(cmdline):`
`358`	`360`
`359`	`361`	`edited_url=url._replace(`
`360`	`362`	`netloc=url.netloc.replace(url.password,"*****"))`
`361`		`-cmdline[index]=urlunsplit(edited_url)`
	`363`	`+new_cmdline[index]=urlunsplit(edited_url)`
`362`	`364`	`exceptValueError:`
`363`	`365`	`# This is not a valid URL`
`364`	`366`	`pass`
`365`		`-returncmdline`
	`367`	`+returnnew_cmdline`
`366`	`368`
`367`	`369`
`368`	`370`	`#} END utilities`

`‎test/test_repo.py`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -240,7 +240,6 @@ def test_clone_from_with_path_contains_unicode(self):`
`240`	`240`
`241`	`241`	`@with_rw_directory`
`242`	`242`	`deftest_leaking_password_in_clone_logs(self,rw_dir):`
`243`		`-"""Check that the password is not printed on the logs"""`
`244`	`243`	`password="fakepassword1234"`
`245`	`244`	`try:`
`246`	`245`	`Repo.clone_from(`
`@@ -249,6 +248,10 @@ def test_leaking_password_in_clone_logs(self, rw_dir):`
`249`	`248`	`to_path=rw_dir)`
`250`	`249`	`exceptGitCommandErroraserr:`
`251`	`250`	`assertpasswordnotinstr(err),"The error message '%s' should not contain the password"%err`
	`251`	`+# Working example from a blank private project`
	`252`	`+Repo.clone_from(`
	`253`	`+url="https://gitlab+deploy-token-392045:mLWhVus7bjLsy8xj8q2V@gitlab.com/mercierm/test_git_python",`
	`254`	`+to_path=rw_dir)`
`252`	`255`
`253`	`256`	`@with_rw_repo('HEAD')`
`254`	`257`	`deftest_max_chunk_size(self,repo):`

`‎test/test_util.py`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -325,7 +325,6 @@ def test_pickle_tzoffset(self):`
`325`	`325`	`self.assertEqual(t1._name,t2._name)`
`326`	`326`
`327`	`327`	`deftest_remove_password_from_command_line(self):`
`328`		`-"""Check that the password is not printed on the logs"""`
`329`	`328`	`password="fakepassword1234"`
`330`	`329`	`url_with_pass="https://fakeuser:{}@fakerepo.example.com/testrepo".format(password)`
`331`	`330`	`url_without_pass="https://fakerepo.example.com/testrepo"`
`@@ -334,6 +333,10 @@ def test_remove_password_from_command_line(self):`
`334`	`333`	`cmd_2= ["git","clone","-v",url_without_pass]`
`335`	`334`	`cmd_3= ["no","url","in","this","one"]`
`336`	`335`
`337`		`-assertpasswordnotinremove_password_if_present(cmd_1)`
	`336`	`+redacted_cmd_1=remove_password_if_present(cmd_1)`
	`337`	`+assertpasswordnotin" ".join(redacted_cmd_1)`
	`338`	`+# Check that we use a copy`
	`339`	`+assertcmd_1isnotredacted_cmd_1`
	`340`	`+assertpasswordin" ".join(cmd_1)`
`338`	`341`	`assertcmd_2==remove_password_if_present(cmd_2)`
`339`	`342`	`assertcmd_3==remove_password_if_present(cmd_3)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitffddedf

File tree

4 files changed

4 files changed

`‎git/cmd.py`

`‎git/util.py`

`‎test/test_repo.py`

`‎test/test_util.py`

0 commit comments