From 3a4fc6abfb3b39237f557372262ac79f45b6a9fa Mon Sep 17 00:00:00 2001 From: Michael Mercier Date: Thu, 11 Mar 2021 18:46:34 +0100 Subject: Replace password in URI by stars if present + test --- test/test_repo.py | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'test') diff --git a/test/test_repo.py b/test/test_repo.py index d5ea8664..30e4f2cb 100644 --- a/test/test_repo.py +++ b/test/test_repo.py @@ -238,6 +238,17 @@ class TestRepo(TestBase): except UnicodeEncodeError: self.fail('Raised UnicodeEncodeError') + @with_rw_directory + def test_leaking_password_in_clone_logs(self, rw_dir): + """Check that the password is not printed on the logs""" + password = "fakepassword1234" + try: + Repo.clone_from( + url=f"https://fakeuser:{password}@fakerepo.example.com/testrepo", + to_path=rw_dir) + except GitCommandError as err: + assert password not in str(err) + @with_rw_repo('HEAD') def test_max_chunk_size(self, repo): class TestOutputStream(TestBase): -- cgit v1.2.1 From 1d43a751e578e859e03350f198bca77244ba53b5 Mon Sep 17 00:00:00 2001 From: Michael Mercier Date: Fri, 12 Mar 2021 08:42:15 +0100 Subject: Use format instead of f-string --- test/test_repo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/test_repo.py b/test/test_repo.py index 30e4f2cb..65e69c52 100644 --- a/test/test_repo.py +++ b/test/test_repo.py @@ -244,7 +244,7 @@ class TestRepo(TestBase): password = "fakepassword1234" try: Repo.clone_from( - url=f"https://fakeuser:{password}@fakerepo.example.com/testrepo", + url="https://fakeuser:{}@fakerepo.example.com/testrepo".format(password), to_path=rw_dir) except GitCommandError as err: assert password not in str(err) -- cgit v1.2.1 From b650c4f28bda658d1f3471882520698ef7fb3af6 Mon Sep 17 00:00:00 2001 From: Michael Mercier Date: Fri, 12 Mar 2021 09:05:39 +0100 Subject: Better assert message --- test/test_repo.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test_repo.py b/test/test_repo.py index 65e69c52..ac4c6660 100644 --- a/test/test_repo.py +++ b/test/test_repo.py @@ -244,10 +244,11 @@ class TestRepo(TestBase): password = "fakepassword1234" try: Repo.clone_from( - url="https://fakeuser:{}@fakerepo.example.com/testrepo".format(password), + url="https://fakeuser:{}@fakerepo.example.com/testrepo".format( + password), to_path=rw_dir) except GitCommandError as err: - assert password not in str(err) + assert password not in str(err), "The error message '%s' should not contain the password" % err @with_rw_repo('HEAD') def test_max_chunk_size(self, repo): -- cgit v1.2.1 From 50cbafc690e5692a16148dbde9de680be70ddbd1 Mon Sep 17 00:00:00 2001 From: Michael Mercier Date: Mon, 15 Mar 2021 18:39:26 +0100 Subject: Add more test and remove password also from error logs --- test/test_util.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/test_util.py b/test/test_util.py index 5eba6c50..a4963264 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -30,7 +30,8 @@ from git.util import ( Actor, IterableList, cygpath, - decygpath + decygpath, + remove_password_if_present, ) @@ -322,3 +323,17 @@ class TestUtils(TestBase): t2 = pickle.loads(pickle.dumps(t1)) self.assertEqual(t1._offset, t2._offset) self.assertEqual(t1._name, t2._name) + + def test_remove_password_from_command_line(self): + """Check that the password is not printed on the logs""" + password = "fakepassword1234" + url_with_pass = "https://fakeuser:{}@fakerepo.example.com/testrepo".format(password) + url_without_pass = "https://fakerepo.example.com/testrepo" + + cmd_1 = ["git", "clone", "-v", url_with_pass] + cmd_2 = ["git", "clone", "-v", url_without_pass] + cmd_3 = ["no", "url", "in", "this", "one"] + + assert password not in remove_password_if_present(cmd_1) + assert cmd_2 == remove_password_if_present(cmd_2) + assert cmd_3 == remove_password_if_present(cmd_3) -- cgit v1.2.1 From ffddedf5467df993b7a42fbd15afacb901bca6d7 Mon Sep 17 00:00:00 2001 From: Michael Mercier Date: Tue, 16 Mar 2021 10:00:51 +0100 Subject: Use copy and not inplace remove password + working case test --- test/test_repo.py | 5 ++++- test/test_util.py | 7 +++++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/test_repo.py b/test/test_repo.py index ac4c6660..8dc17833 100644 --- a/test/test_repo.py +++ b/test/test_repo.py @@ -240,7 +240,6 @@ class TestRepo(TestBase): @with_rw_directory def test_leaking_password_in_clone_logs(self, rw_dir): - """Check that the password is not printed on the logs""" password = "fakepassword1234" try: Repo.clone_from( @@ -249,6 +248,10 @@ class TestRepo(TestBase): to_path=rw_dir) except GitCommandError as err: assert password not in str(err), "The error message '%s' should not contain the password" % err + # Working example from a blank private project + Repo.clone_from( + url="https://gitlab+deploy-token-392045:mLWhVus7bjLsy8xj8q2V@gitlab.com/mercierm/test_git_python", + to_path=rw_dir) @with_rw_repo('HEAD') def test_max_chunk_size(self, repo): diff --git a/test/test_util.py b/test/test_util.py index a4963264..ddc5f628 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -325,7 +325,6 @@ class TestUtils(TestBase): self.assertEqual(t1._name, t2._name) def test_remove_password_from_command_line(self): - """Check that the password is not printed on the logs""" password = "fakepassword1234" url_with_pass = "https://fakeuser:{}@fakerepo.example.com/testrepo".format(password) url_without_pass = "https://fakerepo.example.com/testrepo" @@ -334,6 +333,10 @@ class TestUtils(TestBase): cmd_2 = ["git", "clone", "-v", url_without_pass] cmd_3 = ["no", "url", "in", "this", "one"] - assert password not in remove_password_if_present(cmd_1) + redacted_cmd_1 = remove_password_if_present(cmd_1) + assert password not in " ".join(redacted_cmd_1) + # Check that we use a copy + assert cmd_1 is not redacted_cmd_1 + assert password in " ".join(cmd_1) assert cmd_2 == remove_password_if_present(cmd_2) assert cmd_3 == remove_password_if_present(cmd_3) -- cgit v1.2.1