From: Andreas Ericsson <ae@op5.se>
To: gitster@pobox.com
Cc: git@vger.kernel.org, Andreas Ericsson <ae@op5.se>
Subject: [PATCH v2] fetch: Strip usernames from url's before storing them
Date: Wed, 15 Apr 2009 16:30:14 +0200 [thread overview]
Message-ID: <1239805814-21340-1-git-send-email-ae@op5.se> (raw)
In-Reply-To: <49E5EBD2.1070704@op5.se>
When pulling from a remote, the full URL including username
is by default added to the commit message. Since it adds
very little value but could be used by malicious people to
glean valid usernames (with matching hostnames), we're far
better off just stripping the username before storing the
remote URL locally.
Note that this patch has no lasting visible effect when
"git pull" does not create a merge commit. It simply
alters what gets written to .git/FETCH_HEAD, which is used
by "git merge" to automagically create its' messages.
Signed-off-by: Andreas Ericsson <ae@op5.se>
---
This incorporates the changes suggested by both J6t and
Michael Gruber, as well as the properly functioning
version of the patch (the last one had an off-by-lots
for some url's, as I failed at --amend'ing it).
builtin-fetch.c | 7 +++++--
transport.c | 40 ++++++++++++++++++++++++++++++++++++++++
transport.h | 1 +
3 files changed, 46 insertions(+), 2 deletions(-)
diff --git a/builtin-fetch.c b/builtin-fetch.c
index 3c998ea..0bb290b 100644
--- a/builtin-fetch.c
+++ b/builtin-fetch.c
@@ -289,7 +289,7 @@ static int update_local_ref(struct ref *ref,
}
}
-static int store_updated_refs(const char *url, const char *remote_name,
+static int store_updated_refs(const char *raw_url, const char *remote_name,
struct ref *ref_map)
{
FILE *fp;
@@ -298,11 +298,13 @@ static int store_updated_refs(const char *url, const char *remote_name,
char note[1024];
const char *what, *kind;
struct ref *rm;
- char *filename = git_path("FETCH_HEAD");
+ char *url, *filename = git_path("FETCH_HEAD");
fp = fopen(filename, "a");
if (!fp)
return error("cannot open %s: %s\n", filename, strerror(errno));
+
+ url = transport_anonymize_url(raw_url);
for (rm = ref_map; rm; rm = rm->next) {
struct ref *ref = NULL;
@@ -376,6 +378,7 @@ static int store_updated_refs(const char *url, const char *remote_name,
fprintf(stderr, " %s\n", note);
}
}
+ free(url);
fclose(fp);
if (rc & 2)
error("some local refs could not be updated; try running\n"
diff --git a/transport.c b/transport.c
index 3dfb03c..9e6dc5e 100644
--- a/transport.c
+++ b/transport.c
@@ -1083,3 +1083,43 @@ int transport_disconnect(struct transport *transport)
free(transport);
return ret;
}
+
+/*
+ * Strip username information from the url and return it in a
+ * newly allocated string which the caller has to free.
+ *
+ * The url's we want to catch are the following:
+ * ssh://[user@]host.xz[:port]/path/to/repo.git/
+ * [user@]host.xz:/path/to/repo.git/
+ * http[s]://[user[:password]@]host.xz/path/to/repo.git
+ *
+ * Although git doesn't currently support giving the password
+ * to http url's on the command-line, it's easier to catch
+ * that case too than it is to cater for it specially.
+ */
+char *transport_anonymize_url(const char *url)
+{
+ char *anon_url;
+ const char *at_sign = strchr(url, '@');
+ size_t len, prefix_len = 0;
+
+ if (is_local(url) || !at_sign)
+ return xstrdup(url);
+
+ if (!prefixcmp(url, "ssh://"))
+ prefix_len = strlen("ssh://");
+ else if (!prefixcmp(url, "http://"))
+ prefix_len = strlen("http://");
+ else if (!prefixcmp(url, "https://"))
+ prefix_len = strlen("https://");
+ else if (!strchr(at_sign + 1, ':'))
+ return xstrdup(url);
+
+ len = prefix_len + strlen(at_sign + 1);
+ anon_url = xcalloc(1, 1 + prefix_len + strlen(at_sign + 1));
+ if (prefix_len)
+ memcpy(anon_url, url, prefix_len);
+ memcpy(anon_url + prefix_len, at_sign + 1, strlen(at_sign + 1));
+
+ return anon_url;
+}
diff --git a/transport.h b/transport.h
index b1c2252..27bfc52 100644
--- a/transport.h
+++ b/transport.h
@@ -74,5 +74,6 @@ const struct ref *transport_get_remote_refs(struct transport *transport);
int transport_fetch_refs(struct transport *transport, const struct ref *refs);
void transport_unlock_pack(struct transport *transport);
int transport_disconnect(struct transport *transport);
+char *transport_anonymize_url(const char *url);
#endif
--
1.6.3.rc0.2.g743353.dirty
next prev parent reply other threads:[~2009-04-15 14:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-15 12:16 [PATCH] fetch: Strip usernames from url's before storing them Andreas Ericsson
2009-04-15 12:30 ` Michael J Gruber
2009-04-15 14:01 ` Andreas Ericsson
2009-04-15 17:19 ` Junio C Hamano
2009-04-15 18:08 ` Andreas Ericsson
2009-04-15 13:18 ` Johannes Sixt
2009-04-15 14:14 ` Andreas Ericsson
2009-04-15 14:30 ` Andreas Ericsson [this message]
2009-04-15 17:19 ` [PATCH v2] " Junio C Hamano
2009-04-15 20:45 ` Andreas Ericsson
2009-04-17 8:20 ` [PATCH v3] " Andreas Ericsson
2009-04-20 7:39 ` Andreas Ericsson
2009-04-20 8:36 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1239805814-21340-1-git-send-email-ae@op5.se \
--to=ae@op5.se \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).