Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Github token is leaked when used as a part of remote URL #1284

Closed
@0xnm

Description

@0xnm

Githuballows usage of personal access tokens with remote URLs in the format:

https://<token>@github.com/owner/repo.git

or

https://<token>:x-oauth-basic@github.com/owner/repo.git

If such URL is used withRemote, if some error related to the access happens, it (in the example below token isfoobar) can be leaked via exception message, like the following:

Traceback (most recent call last):  File "start.py", line 119, in <module>    sys.exit(run_main())    ...git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)  cmdline: git push --set-upstream --force ....  stderr: 'remote: some error.fatal: unable to access 'https://foobar:x-oauth-basic@github.com/FooBarCorp/some-repo/': The requested URL returned error: 403'

It would be nice to have internal mechanism to prevent such leakage.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      [8]ページ先頭
      ©2009-2025 Movatter.jp