From: "Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Johannes Schindelin <johannes.schindelin@gmx.de>,
Johannes Schindelin <johannes.schindelin@gmx.de>
Subject: [PATCH] push: anonymize URLs in error messages and warnings
Date: Fri, 24 Apr 2020 14:20:08 +0000 [thread overview]
Message-ID: <pull.618.git.1587738008248.gitgitgadget@gmail.com> (raw)
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Just like 47abd85ba0 (fetch: Strip usernames from url's before storing
them, 2009-04-17) and later 882d49ca5c (push: anonymize URL in status
output, 2016-07-13), and even later c1284b21f243 (curl: anonymize URLs
in error messages and warnings, 2019-03-04) this change anonymizes URLs
(read: strips them of user names and especially passwords) in
user-facing error messages and warnings.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
push: anonymize URLs in error messages and warnings
A token used by GitGitGadget was leaked by this bug. Thankfully, it
seems nobody noticed, and I installed a patched Git on the self-hosted
build agent so that this won't happen anymore.
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-618%2Fdscho%2Fanonymize-push-url-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-618/dscho/anonymize-push-url-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/618
builtin/push.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/builtin/push.c b/builtin/push.c
index 6dbf0f0bb71..bd2a2cbfbd7 100644
--- a/builtin/push.c
+++ b/builtin/push.c
@@ -340,6 +340,7 @@ static int push_with_options(struct transport *transport, struct refspec *rs,
{
int err;
unsigned int reject_reasons;
+ char *anon_url = transport_anonymize_url(transport->url);
transport_set_verbosity(transport, verbosity, progress);
transport->family = family;
@@ -364,11 +365,12 @@ static int push_with_options(struct transport *transport, struct refspec *rs,
trace2_region_leave("push", "transport_push", the_repository);
if (err != 0) {
fprintf(stderr, "%s", push_get_color(PUSH_COLOR_ERROR));
- error(_("failed to push some refs to '%s'"), transport->url);
+ error(_("failed to push some refs to '%s'"), anon_url);
fprintf(stderr, "%s", push_get_color(PUSH_COLOR_RESET));
}
err |= transport_disconnect(transport);
+ free(anon_url);
if (!err)
return 0;
base-commit: af6b65d45ef179ed52087e80cb089f6b2349f4ec
--
gitgitgadget
next reply other threads:[~2020-04-24 14:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-24 14:20 Johannes Schindelin via GitGitGadget [this message]
2020-04-24 16:50 ` [PATCH] push: anonymize URLs in error messages and warnings Taylor Blau
2020-04-24 20:29 ` Junio C Hamano
2020-04-24 20:38 ` Junio C Hamano
2020-04-24 21:04 ` Johannes Schindelin
2020-04-24 21:22 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.618.git.1587738008248.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=git@vger.kernel.org \
--cc=johannes.schindelin@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).