diff options
| author | Michael Mercier <michael.mercier@ryax.tech> | 2021-03-15 17:54:48 +0100 |
|---|---|---|
| committer | Michael Mercier <michael.mercier@ryax.tech> | 2021-03-15 18:00:05 +0100 |
| commit | f7968d136276607115907267b3be89c3ff9acd03 (patch) | |
| tree | 505d533c942747f57785a449df4e2a7612cd2e77 | |
| parent | f7180d50f785ec28963e12e647d269650ad89b31 (diff) | |
| download | gitpython-f7968d136276607115907267b3be89c3ff9acd03.tar.gz | |
Put remove password in the utils and use it also in cmd.execute
| -rw-r--r-- | git/cmd.py | 6 | ||||
| -rw-r--r-- | git/repo/base.py | 15 | ||||
| -rw-r--r-- | git/util.py | 28 |
3 files changed, 35 insertions, 14 deletions
@@ -28,7 +28,7 @@ from git.compat import ( is_win, ) from git.exc import CommandError -from git.util import is_cygwin_git, cygpath, expand_path +from git.util import is_cygwin_git, cygpath, expand_path, remove_password_if_present from .exc import ( GitCommandError, @@ -682,8 +682,10 @@ class Git(LazyMixin): :note: If you add additional keyword arguments to the signature of this method, you must update the execute_kwargs tuple housed in this module.""" + # Remove password for the command if present + redacted_command = remove_password_if_present(command) if self.GIT_PYTHON_TRACE and (self.GIT_PYTHON_TRACE != 'full' or as_process): - log.info(' '.join(command)) + log.info(' '.join(redacted_command)) # Allow the user to have the command executed in their working dir. cwd = self._working_dir or os.getcwd() diff --git a/git/repo/base.py b/git/repo/base.py index 9cb84054..e68bc077 100644 --- a/git/repo/base.py +++ b/git/repo/base.py @@ -9,7 +9,6 @@ import logging import os import re import warnings -from urllib.parse import urlsplit, urlunsplit from git.cmd import ( Git, @@ -27,7 +26,7 @@ from git.index import IndexFile from git.objects import Submodule, RootModule, Commit from git.refs import HEAD, Head, Reference, TagReference from git.remote import Remote, add_progress, to_progress_instance -from git.util import Actor, finalize_process, decygpath, hex_to_bin, expand_path +from git.util import Actor, finalize_process, decygpath, hex_to_bin, expand_path, remove_password_if_present import os.path as osp from .fun import rev_parse, is_git_dir, find_submodule_git_dir, touch, find_worktree_git_dir @@ -971,16 +970,8 @@ class Repo(object): else: (stdout, stderr) = proc.communicate() cmdline = getattr(proc, 'args', '') - uri = cmdline[-2] - try: - url = urlsplit(uri) - # Remove password from the URL if present - if url.password: - edited_url = url._replace( - netloc=url.netloc.replace(url.password, "****")) - cmdline[-2] = urlunsplit(edited_url) - except ValueError: - log.debug("Unable to parse the URL %s", url) + cmdline = remove_password_if_present(cmdline) + log.debug("Cmd(%s)'s unused stdout: %s", cmdline, stdout) finalize_process(proc, stderr=stderr) diff --git a/git/util.py b/git/util.py index 04c96789..e9d183d9 100644 --- a/git/util.py +++ b/git/util.py @@ -16,6 +16,7 @@ import stat from sys import maxsize import time from unittest import SkipTest +from urllib.parse import urlsplit, urlunsplit from gitdb.util import (# NOQA @IgnorePep8 make_sha, @@ -338,6 +339,33 @@ def expand_path(p, expand_vars=True): except Exception: return None + +def remove_password_if_present(cmdline): + """ + Parse any command line argument and if on of the element is an URL with a + password, replace it by stars. If nothing found just returns a copy of the + command line as-is. + + This should be used for every log line that print a command line. + """ + redacted_cmdline = [] + for to_parse in cmdline: + try: + url = urlsplit(to_parse) + # Remove password from the URL if present + if url.password is None: + raise ValueError() + + edited_url = url._replace( + netloc=url.netloc.replace(url.password, "*****")) + redacted_cmdline.append(urlunsplit(edited_url)) + except ValueError: + redacted_cmdline.append(to_parse) + # This is not a valid URL + pass + return redacted_cmdline + + #} END utilities #{ Classes |