From: "Ivan Frade via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Eric Sunshine" <sunshine@sunshineco.com>,
"Ivan Frade" <ifrade@google.com>
Subject: [PATCH v5 0/2] fetch-pack: redact packfile urls in traces
Date: Thu, 28 Oct 2021 22:51:38 +0000 [thread overview]
Message-ID: <pull.1052.v5.git.1635461500.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1052.v4.git.1635288599.gitgitgadget@gmail.com>
Changes since v4:
* Use "uri" instead of "url"
* Look specifically for a line with packfile-uri format (instead of for a
URL in general)
* Limit the redacting to the packfile-uri section in do_fetch_pack_v2
* Use "%.*s" instead of duplicating parts of the string to print
Changes since v3:
* Enable redacting URLs for all sections
* Redact only URL path (it was until the end of line)
* Redact URL in die() with more friendly message
* Update doc to mention that packfile URIs are also redacted.
Changes since v2:
* Redact only the path of the URL
* Test are now strict, validating the exact line expected in the log
Changes since v1:
* Removed non-POSIX flags in tests
* More accurate regex for the non-encrypted packfile line
* Dropped documentation change
* Dropped redacting the die message in http-fetch
Ivan Frade (2):
fetch-pack: redact packfile urls in traces
http-fetch: redact url on die() message
Documentation/git.txt | 5 +++--
fetch-pack.c | 4 ++++
http-fetch.c | 14 ++++++++++--
pkt-line.c | 39 +++++++++++++++++++++++++++++++-
pkt-line.h | 1 +
t/t5702-protocol-v2.sh | 51 ++++++++++++++++++++++++++++++++++++++++++
6 files changed, 109 insertions(+), 5 deletions(-)
base-commit: e9e5ba39a78c8f5057262d49e261b42a8660d5b9
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1052%2Fifradeo%2Fredact-packfile-uri-v5
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1052/ifradeo/redact-packfile-uri-v5
Pull-Request: https://github.com/gitgitgadget/git/pull/1052
Range-diff vs v4:
1: 973a250752c ! 1: c95b3cafcd6 fetch-pack: redact packfile urls in traces
@@ Documentation/git.txt: for full details.
- cookies, the "Authorization:" header, and the "Proxy-Authorization:"
- header. Set this variable to `0` to prevent this redaction.
+ cookies, the "Authorization:" header, the "Proxy-Authorization:"
-+ header and packfile URLs. Set this variable to `0` to prevent this
++ header and packfile URIs. Set this variable to `0` to prevent this
+ redaction.
`GIT_LITERAL_PATHSPECS`::
@@ Documentation/git.txt: for full details.
## fetch-pack.c ##
@@ fetch-pack.c: static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
- reader.me = "fetch-pack";
- }
+ receive_wanted_refs(&reader, sought, nr_sought);
-+ if (git_env_bool("GIT_TRACE_REDACT", 1))
-+ reader.options |= PACKET_READ_REDACT_URL_PATH;
-+
- while (state != FETCH_DONE) {
- switch (state) {
- case FETCH_CHECK_LOCAL:
+ /* get the pack(s) */
++ if (git_env_bool("GIT_TRACE_REDACT", 1))
++ reader.options |= PACKET_READ_REDACT_URI_PATH;
+ if (process_section_header(&reader, "packfile-uris", 1))
+ receive_packfile_uris(&reader, &packfile_uris);
++ reader.options &= ~PACKET_READ_REDACT_URI_PATH;
++
+ process_section_header(&reader, "packfile", 0);
+
+ /*
## pkt-line.c ##
@@ pkt-line.c: int packet_length(const char lenbuf_hex[4])
return (val < 0) ? val : (val << 8) | hex2chr(lenbuf_hex + 2);
}
-+static char *find_url_path(const char* buffer, int *path_len)
++static char *find_packfile_uri_path(const char *buffer)
+{
-+ const char *URL_MARK = "://";
-+ char *path = strstr(buffer, URL_MARK);
-+ if (!path)
-+ return NULL;
++ const char *URI_MARK = "://";
++ char *path;
++ int len;
+
-+ path += strlen(URL_MARK);
-+ while (*path && *path != '/')
-+ path++;
++ /* First char is sideband mark */
++ buffer += 1;
+
-+ if (!*path || !*(path + 1))
-+ return NULL;
++ len = strspn(buffer, "0123456789abcdefABCDEF");
++ if (!(len == 40 || len == 64) || buffer[len] != ' ')
++ return NULL; /* required "<hash>SP" not seen */
+
-+ // position after '/'
-+ path++;
++ path = strstr(buffer + len + 1, URI_MARK);
++ if (!path)
++ return NULL;
+
-+ if (path_len) {
-+ char *url_end = strchrnul(path, ' ');
-+ *path_len = url_end - path;
-+ }
++ path = strchr(path + strlen(URI_MARK), '/');
++ if (!path || !*(path + 1))
++ return NULL;
+
-+ return path;
++ /* position after '/' */
++ return ++path;
+}
+
enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
@@ pkt-line.c: enum packet_read_status packet_read_with_status(int fd, char **src_b
{
int len;
char linelen[4];
-+ char *url_path_start;
-+ int url_path_len;
++ char *uri_path_start;
if (get_packet_data(fd, src_buffer, src_len, linelen, 4, options) < 0) {
*pktlen = -1;
@@ pkt-line.c: enum packet_read_status packet_read_with_status(int fd, char **src_b
buffer[len] = 0;
- packet_trace(buffer, len, 0);
-+ if (options & PACKET_READ_REDACT_URL_PATH &&
-+ (url_path_start = find_url_path(buffer, &url_path_len))) {
++ if (options & PACKET_READ_REDACT_URI_PATH &&
++ (uri_path_start = find_packfile_uri_path(buffer))) {
+ const char *redacted = "<redacted>";
+ struct strbuf tracebuf = STRBUF_INIT;
+ strbuf_insert(&tracebuf, 0, buffer, len);
-+ strbuf_splice(&tracebuf, url_path_start - buffer,
-+ url_path_len, redacted, strlen(redacted));
++ strbuf_splice(&tracebuf, uri_path_start - buffer,
++ strlen(uri_path_start), redacted, strlen(redacted));
+ packet_trace(tracebuf.buf, tracebuf.len, 0);
+ strbuf_release(&tracebuf);
+ } else {
@@ pkt-line.h: void packet_fflush(FILE *f);
#define PACKET_READ_CHOMP_NEWLINE (1u<<1)
#define PACKET_READ_DIE_ON_ERR_PACKET (1u<<2)
#define PACKET_READ_GENTLE_ON_READ_ERROR (1u<<3)
-+#define PACKET_READ_REDACT_URL_PATH (1u<<4)
++#define PACKET_READ_REDACT_URI_PATH (1u<<4)
int packet_read(int fd, char *buffer, unsigned size, int options);
/*
2: c7f0977cabd ! 2: 6912a690197 http-fetch: redact url on die() message
@@ Commit message
http-fetch: redact url on die() message
http-fetch prints the URL after failing to fetch it. This can be
- confusing to users (they cannot really do anything with it) but even
- worse, they can share by accident a sensitive URL (e.g. with
- credentials) while looking for help.
+ confusing to users (they cannot really do anything with it), and they
+ can share by accident a sensitive URL (e.g. with credentials) while
+ looking for help.
Redact the URL unless the GIT_TRACE_REDACT variable is set to false. This
mimics the redaction of other sensitive information in git, like the
Authorization header in HTTP.
+ Fix also capitalization of previous die() message (must start in
+ lowercase).
+
Signed-off-by: Ivan Frade <ifrade@google.com>
## http-fetch.c ##
@@ http-fetch.c: static void fetch_single_packfile(struct object_id *packfile_hash,
- curl_errorstr);
+ struct url_info url;
+ char *nurl = url_normalize(preq->url, &url);
-+ if (!git_env_bool("GIT_TRACE_REDACT", 1) || !nurl) {
-+ die("Unable to get pack file %s\n%s", preq->url,
++ if (!nurl || !git_env_bool("GIT_TRACE_REDACT", 1)) {
++ die("unable to get pack file '%s'\n%s", preq->url,
+ curl_errorstr);
+ } else {
-+ char *schema = xstrndup(url.url, url.scheme_len);
-+ char *host = xstrndup(&url.url[url.host_off], url.host_len);
-+ die("failed to get '%s' url from '%s' "
++ die("failed to get '%.*s' url from '%.*s' "
+ "(full URL redacted due to GIT_TRACE_REDACT setting)\n%s",
-+ schema, host, curl_errorstr);
++ (int)url.scheme_len, url.url,
++ (int)url.host_len, &url.url[url.host_off], curl_errorstr);
+ }
}
} else {
--
gitgitgadget
next prev parent reply other threads:[~2021-10-28 22:51 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 16:03 [PATCH 0/2] fetch-pack: redact packfile urls in traces Ivan Frade via GitGitGadget
2021-10-08 16:03 ` [PATCH 1/2] " Ivan Frade via GitGitGadget
2021-10-08 19:36 ` Ævar Arnfjörð Bjarmason
2021-10-08 23:15 ` Ivan Frade
2021-10-08 16:03 ` [PATCH 2/2] Documentation: packfile-uri hash can be longer than 40 hex chars Ivan Frade via GitGitGadget
2021-10-08 19:43 ` Ævar Arnfjörð Bjarmason
2021-10-09 2:20 ` [PATCH v2] fetch-pack: redact packfile urls in traces Ivan Frade via GitGitGadget
2021-10-11 20:39 ` Junio C Hamano
2021-10-26 19:32 ` Ivan Frade
2021-10-19 22:57 ` [PATCH v3] " Ivan Frade via GitGitGadget
2021-10-20 11:41 ` Ævar Arnfjörð Bjarmason
2021-10-26 22:49 ` [PATCH v4 0/2] " Ivan Frade via GitGitGadget
2021-10-26 22:49 ` [PATCH v4 1/2] " Ivan Frade via GitGitGadget
2021-10-28 1:01 ` Junio C Hamano
2021-10-28 22:15 ` Ivan Frade
2021-10-28 22:46 ` Junio C Hamano
2021-10-26 22:49 ` [PATCH v4 2/2] http-fetch: redact url on die() message Ivan Frade via GitGitGadget
2021-10-28 16:39 ` Ævar Arnfjörð Bjarmason
2021-10-28 17:25 ` Eric Sunshine
2021-10-28 22:44 ` Ivan Frade
2021-10-28 22:41 ` Ivan Frade
2021-10-29 23:18 ` Junio C Hamano
2021-11-09 1:54 ` Ævar Arnfjörð Bjarmason
2021-10-28 22:51 ` Ivan Frade via GitGitGadget [this message]
2021-10-28 22:51 ` [PATCH v5 1/2] fetch-pack: redact packfile urls in traces Ivan Frade via GitGitGadget
2021-10-28 23:21 ` Junio C Hamano
2021-10-29 18:42 ` Ivan Frade
2021-10-29 19:59 ` Junio C Hamano
2021-11-08 22:43 ` Jonathan Tan
2021-10-28 22:51 ` [PATCH v5 2/2] http-fetch: redact url on die() message Ivan Frade via GitGitGadget
2021-10-29 18:42 ` [PATCH v6 0/2] fetch-pack: redact packfile urls in traces Ivan Frade via GitGitGadget
2021-10-29 18:42 ` [PATCH v6 1/2] " Ivan Frade via GitGitGadget
2021-11-08 23:01 ` Jonathan Tan
2021-11-09 1:36 ` Ævar Arnfjörð Bjarmason
2021-11-10 23:44 ` Ivan Frade
2021-11-11 0:01 ` Ævar Arnfjörð Bjarmason
2021-11-10 21:18 ` Ivan Frade
2021-10-29 18:42 ` [PATCH v6 2/2] http-fetch: redact url on die() message Ivan Frade via GitGitGadget
2021-11-08 23:06 ` Jonathan Tan
2021-11-10 23:51 ` [PATCH v7 0/2] fetch-pack: redact packfile urls in traces Ivan Frade via GitGitGadget
2021-11-10 23:51 ` [PATCH v7 1/2] " Ivan Frade via GitGitGadget
2021-11-10 23:51 ` [PATCH v7 2/2] http-fetch: redact url on die() message Ivan Frade via GitGitGadget
2021-11-12 4:43 ` [PATCH v7 0/2] fetch-pack: redact packfile urls in traces Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1052.v5.git.1635461500.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=ifrade@google.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).