Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Strip usernames from URLs as well as passwords#1437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Byron merged 1 commit intogitpython-developers:mainfromglennmatthews:issue-1284
May 5, 2022
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletionsgit/exc.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -8,6 +8,7 @@
from gitdb.exc import BadName # NOQA @UnusedWildImport skipcq: PYL-W0401, PYL-W0614
from gitdb.exc import * # NOQA @UnusedWildImport skipcq: PYL-W0401, PYL-W0614
from git.compat import safe_decode
from git.util import remove_password_if_present

# typing ----------------------------------------------------

Expand DownExpand Up@@ -54,7 +55,7 @@ def __init__(self, command: Union[List[str], Tuple[str, ...], str],
stdout: Union[bytes, str, None] = None) -> None:
if not isinstance(command, (tuple, list)):
command = command.split()
self.command = command
self.command =remove_password_if_present(command)
self.status = status
if status:
if isinstance(status, Exception):
Expand All@@ -66,8 +67,8 @@ def __init__(self, command: Union[List[str], Tuple[str, ...], str],
s = safe_decode(str(status))
status = "'%s'" % s if isinstance(status, str) else s

self._cmd = safe_decode(command[0])
self._cmdline = ' '.join(safe_decode(i) for i in command)
self._cmd = safe_decode(self.command[0])
self._cmdline = ' '.join(safe_decode(i) for i inself.command)
self._cause = status and " due to: %s" % status or "!"
stdout_decode = safe_decode(stdout)
stderr_decode = safe_decode(stderr)
Expand Down
20 changes: 13 additions & 7 deletionsgit/util.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -5,7 +5,6 @@
# the BSD License: http://www.opensource.org/licenses/bsd-license.php

from abc import abstractmethod
from .exc import InvalidGitRepositoryError
import os.path as osp
from .compat import is_win
import contextlib
Expand DownExpand Up@@ -94,6 +93,8 @@ def unbare_repo(func: Callable[..., T]) -> Callable[..., T]:
"""Methods with this decorator raise InvalidGitRepositoryError if they
encounter a bare repository"""

from .exc import InvalidGitRepositoryError

@wraps(func)
def wrapper(self: 'Remote', *args: Any, **kwargs: Any) -> T:
if self.repo.bare:
Expand DownExpand Up@@ -412,24 +413,29 @@ def expand_path(p: Union[None, PathLike], expand_vars: bool = True) -> Optional[
def remove_password_if_present(cmdline: Sequence[str]) -> List[str]:
"""
Parse any command line argument and if on of the element is an URL with a
password, replaceit by stars (in-place).
username and/orpassword, replacethem by stars (in-place).

If nothing found just returns the command line as-is.

This should be used for every log line that print a command line.
This should be used for every log line that print a command line, as well as
exception messages.
"""
new_cmdline = []
for index, to_parse in enumerate(cmdline):
new_cmdline.append(to_parse)
try:
url = urlsplit(to_parse)
# Remove password from the URL if present
if url.password is None:
if url.password is None and url.username is None:
continue

edited_url = url._replace(
netloc=url.netloc.replace(url.password, "*****"))
new_cmdline[index] = urlunsplit(edited_url)
if url.password is not None:
url = url._replace(
netloc=url.netloc.replace(url.password, "*****"))
if url.username is not None:
url = url._replace(
netloc=url.netloc.replace(url.username, "*****"))
new_cmdline[index] = urlunsplit(url)
except ValueError:
# This is not a valid URL
continue
Expand Down
9 changes: 6 additions & 3 deletionstest/test_exc.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -22,6 +22,7 @@
HookExecutionError,
RepositoryDirtyError,
)
from git.util import remove_password_if_present
from test.lib import TestBase

import itertools as itt
Expand All@@ -34,6 +35,7 @@
('cmd', 'ελληνικα', 'args'),
('θνιψοδε', 'κι', 'αλλα', 'strange', 'args'),
('θνιψοδε', 'κι', 'αλλα', 'non-unicode', 'args'),
('git', 'clone', '-v', 'https://fakeuser:fakepassword1234@fakerepo.example.com/testrepo'),
)
_causes_n_substrings = (
(None, None), # noqa: E241 @IgnorePep8
Expand DownExpand Up@@ -81,7 +83,7 @@ def test_CommandError_unicode(self, case):
self.assertIsNotNone(c._msg)
self.assertIn(' cmdline: ', s)

for a in argv:
for a inremove_password_if_present(argv):
self.assertIn(a, s)

if not cause:
Expand DownExpand Up@@ -137,14 +139,15 @@ def test_GitCommandNotFound(self, init_args):
@ddt.data(
(['cmd1'], None),
(['cmd1'], "some cause"),
(['cmd1'], Exception()),
(['cmd1', 'https://fakeuser@fakerepo.example.com/testrepo'], Exception()),
)
def test_GitCommandError(self, init_args):
argv, cause = init_args
c = GitCommandError(argv, cause)
s = str(c)

self.assertIn(argv[0], s)
for arg in remove_password_if_present(argv):
self.assertIn(arg, s)
if cause:
self.assertIn(' failed due to: ', s)
self.assertIn(str(cause), s)
Expand Down
30 changes: 23 additions & 7 deletionstest/test_util.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -343,18 +343,34 @@ def test_pickle_tzoffset(self):
self.assertEqual(t1._name, t2._name)

def test_remove_password_from_command_line(self):
username = "fakeuser"
password = "fakepassword1234"
url_with_pass = "https://fakeuser:{}@fakerepo.example.com/testrepo".format(password)
url_without_pass = "https://fakerepo.example.com/testrepo"
url_with_user_and_pass = "https://{}:{}@fakerepo.example.com/testrepo".format(username, password)
url_with_user = "https://{}@fakerepo.example.com/testrepo".format(username)
url_with_pass = "https://:{}@fakerepo.example.com/testrepo".format(password)
url_without_user_or_pass = "https://fakerepo.example.com/testrepo"

cmd_1 = ["git", "clone", "-v", url_with_pass]
cmd_2 = ["git", "clone", "-v", url_without_pass]
cmd_3 = ["no", "url", "in", "this", "one"]
cmd_1 = ["git", "clone", "-v", url_with_user_and_pass]
cmd_2 = ["git", "clone", "-v", url_with_user]
cmd_3 = ["git", "clone", "-v", url_with_pass]
cmd_4 = ["git", "clone", "-v", url_without_user_or_pass]
cmd_5 = ["no", "url", "in", "this", "one"]

redacted_cmd_1 = remove_password_if_present(cmd_1)
assert username not in " ".join(redacted_cmd_1)
assert password not in " ".join(redacted_cmd_1)
# Check that we use a copy
assert cmd_1 is not redacted_cmd_1
assert username in " ".join(cmd_1)
assert password in " ".join(cmd_1)
assert cmd_2 == remove_password_if_present(cmd_2)
assert cmd_3 == remove_password_if_present(cmd_3)

redacted_cmd_2 = remove_password_if_present(cmd_2)
assert username not in " ".join(redacted_cmd_2)
assert password not in " ".join(redacted_cmd_2)

redacted_cmd_3 = remove_password_if_present(cmd_3)
assert username not in " ".join(redacted_cmd_3)
assert password not in " ".join(redacted_cmd_3)

assert cmd_4 == remove_password_if_present(cmd_4)
assert cmd_5 == remove_password_if_present(cmd_5)
[8]ページ先頭
©2009-2025 Movatter.jp