From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Derrick Stolee via GitGitGadget <gitgitgadget@gmail.com>
Cc: git@vger.kernel.org, gitster@pobox.com, peff@peff.net,
	me@ttaylorr.com, christian.couder@gmail.com,
	johannes.schindelin@gmx.de, jrnieder@gmail.com,
	Derrick Stolee <derrickstolee@github.com>,
	Derrick Stolee <dstolee@microsoft.com>
Subject: Re: [PATCH] urlmatch: do not allow passwords in URLs by default
Date: Sat, 01 May 2021 10:44:12 +0200
Message-ID: <87fsz6ygyc.fsf@evledraar.gmail.com>
In-Reply-To: <pull.945.git.1619807844627.gitgitgadget@gmail.com>


On Fri, Apr 30 2021, Derrick Stolee via GitGitGadget wrote:

Just nits on the patch, will reply to the idea in another message:

> [...]
> +test_expect_success 'enable username:password urls' '
> +	git config --global core.allowUsernamePasswordUrls true
> +'
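Review bot: `git config --global` inside a test leaves `core.allowUsernamePasswordUrls=true` in the shared test HOME for every test that runs afterwards in this script, so any later test that relies on the new default-deny behaviour would be silently masked by it; `test_config_global` (or `test_config` per repository) sets the value and registers its removal when the test finishes, which keeps each test's precondition local to it.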

Hrm, --global? In any case isn't it also better here to tweak this for
specific tests?

>  test_expect_success 'push status output scrubs password' '
>  	cd "$ROOT_PATH/test_repo_clone" &&
> +	git config core.allowUsernamePasswordUrls true &&
>  	git push --porcelain \
>  		"$HTTPD_URL_USER_PASS/smart/test_repo.git" \
>  		+HEAD:scrub >status &&
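Review bot: the repo-local `git config core.allowUsernamePasswordUrls true &&` duplicates the `--global` setting made in the earlier setup test, so the patch should settle on one mechanism; if each test is meant to state its own precondition, `test_config core.allowUsernamePasswordUrls true` here does that and is unset again at the end of the test, and the global setup test can go.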
> @@ -469,9 +470,11 @@ test_expect_success 'push status output scrubs password' '

Use test_config instead, unless this is really "setup for the rest of
the tests" in disguise, but IMO even more of a reason to use test_config
for each one.

>  test_expect_success 'clone/fetch scrubs password from reflogs' '
>  	cd "$ROOT_PATH" &&
> -	git clone "$HTTPD_URL_USER_PASS/smart/test_repo.git" \
> +	git -c core.allowUsernamePasswordUrls=true clone \
> +		"$HTTPD_URL_USER_PASS/smart/test_repo.git" \
>  		reflog-test &&
>  	cd reflog-test &&
> +	git config core.allowUsernamePasswordUrls true &&
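Review bot: `git -c core.allowUsernamePasswordUrls=true` applies to that single `clone` invocation and is not written into the new repository, so the `git config` line after `cd reflog-test` is what covers the fetch the test name refers to; with the `--global` setting from the setup test still in place both lines are redundant, but if that global setting is dropped in favour of per-test configuration this repo-local one is the one to keep, preferably as `test_config`.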

Ditto. Although redundant in your patch, no, since we've set it to true
above?

> +test_expect_success 'clone fails when using username:password' '
> +	test_must_fail git clone https://username:password@bogus.url 2>err &&
> +	test_i18ngrep "attempted to parse a URL with a plain-text username and password" err
> +'
> +
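Review bot: nothing in the quoted tests checks that a URL carrying a username alone (`https://username@bogus.url`) is still accepted by default, and the subject and the new key both talk about passwords specifically; a username-only case next to this one would pin down that the check rejects embedded credentials and not plain user names. Keep the assertion on the error text (plain `grep` is enough, as noted above) since `bogus.url` would make the clone fail without network access anyway, and only the message proves the failure came from the new check rather than from DNS; the message itself would also be more useful if it named `core.allowUsernamePasswordUrls` so users know which knob opts back in.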

Just use grep, not test_i18ngrep. GETTEXT_POISON is gone.

>  test_expect_success 'clone from hooks' '
>  
>  	test_create_repo r0 &&
> diff --git a/urlmatch.c b/urlmatch.c
> index 33a2ccd306b6..e81ec9e1fc0b 100644
> --- a/urlmatch.c
> +++ b/urlmatch.c
> @@ -1,5 +1,6 @@
>  #include "cache.h"
>  #include "urlmatch.h"
> +#include "config.h"
>  
>  #define URL_ALPHA "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
>  #define URL_DIGIT "0123456789"
> @@ -106,6 +107,18 @@ static int match_host(const struct url_info *url_info,
>  	return (!url_len && !pat_len);
>  }
>  
> +static void die_if_username_password_not_allowed(void)
> +{
> +	int opt_in = 0;
> +	if (!git_config_get_bool("core.allowusernamepasswordurls", &opt_in) &&
> +	    opt_in)
> +		return;
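Review bot: besides the initialise-or-check point raised below, the quoted portion of the patch adds no documentation for `core.allowUsernamePasswordUrls`; a key that changes the default handling of existing URLs needs an entry in the core.* config documentation describing what is rejected and that setting it to true restores the old behaviour. The all-lower-case key string passed to git_config_get_bool() is fine, since config section and variable names are case-insensitive, so the mixed-case spelling in the tests matches it.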

API use nit: You need to either initialize "opt_in = 0" or check the
git_config_get_bool() return value. Doing both isn't strictly
needed. I.e. either of these would work:

    int opt_in = 0;
    git_config_get_bool(..., &opt_in);
    if (opt_in) ...;

Or:

    int opt_in;
    if (!git_config_get_bool(..., &opt_in) && opt_in)

No?
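The behaviour the patch adds (reject a URL carrying user:password unless `core.allowUsernamePasswordUrls` opts in) and the out-parameter point above, as an added illustration that is not git's code: the config table, its boolean parsing and the URL split are simplified stand-ins written for this example, and `cfg_get_bool()` mirrors only the return-value contract of git_config_get_bool().

```c
#include <string.h>
#include <strings.h>

/* Constructed stand-in for git's config store: a key missing from the table is absent. */
struct cfg { const char *key; const char *val; };
static const struct cfg CFG_TRUE[] = { { "core.allowUsernamePasswordUrls", "true" } };
static const struct cfg CFG_OFF[] = { { "core.allowUsernamePasswordUrls", "off" } };

/* git's boolean spellings: true/yes/on/1 (or a key with no value) are true; git errors on other words, this stand-in treats them as false. */
static int parse_bool(const char *v)
{
	return !v || !strcasecmp(v, "true") || !strcasecmp(v, "yes") ||
	       !strcasecmp(v, "on") || !strcmp(v, "1");
}

/* Same contract as git_config_get_bool(): 0 and *dest set when the key exists, non-zero and *dest untouched when not. */
static int cfg_get_bool(const struct cfg *c, size_t n, const char *key, int *dest)
{
	for (size_t i = 0; i < n; i++) {
		if (strcasecmp(c[i].key, key))
			continue;
		*dest = parse_bool(c[i].val);
		return 0;
	}
	return 1;
}

/* Does the authority of scheme://[userinfo@]host... contain "user:password@"? */
static int url_has_password(const char *url)
{
	const char *p = strstr(url, "://"), *end, *at;
	if (!p)
		return 0;                       /* scp-like syntax: not handled here */
	p += 3;
	end = p + strcspn(p, "/?#");            /* authority ends at path, query or fragment */
	at = memchr(p, '@', end - p);
	if (!at)
		return 0;                       /* no userinfo at all */
	return memchr(p, ':', at - p) != NULL;  /* "user@" is fine, "user:pass@" is not */
}

/* 1 = URL may be used, 0 = reject; default deny unless the opt-in key is true. */
static int url_allowed(const char *url, const struct cfg *c, size_t n)
{
	int opt_in = 0; /* initialised: cfg_get_bool() may return without writing it */
	if (!url_has_password(url))
		return 1;
	cfg_get_bool(c, n, "core.allowusernamepasswordurls", &opt_in);
	return opt_in;
}
```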
