diff options
| author | Michael Mercier <michael.mercier@ryax.tech> | 2021-03-15 18:39:26 +0100 |
|---|---|---|
| committer | Michael Mercier <michael.mercier@ryax.tech> | 2021-03-15 18:48:34 +0100 |
| commit | 50cbafc690e5692a16148dbde9de680be70ddbd1 (patch) | |
| tree | c07b6454aa8bd3050020edcc114d5f33b984f975 | |
| parent | f7968d136276607115907267b3be89c3ff9acd03 (diff) | |
| download | gitpython-50cbafc690e5692a16148dbde9de680be70ddbd1.tar.gz | |
Add more test and remove password also from error logs
| -rw-r--r-- | git/cmd.py | 4 | ||||
| -rw-r--r-- | git/util.py | 13 | ||||
| -rw-r--r-- | test/test_util.py | 17 |
3 files changed, 24 insertions, 10 deletions
@@ -82,8 +82,8 @@ def handle_process_output(process, stdout_handler, stderr_handler, line = line.decode(defenc) handler(line) except Exception as ex: - log.error("Pumping %r of cmd(%s) failed due to: %r", name, cmdline, ex) - raise CommandError(['<%s-pump>' % name] + cmdline, ex) from ex + log.error("Pumping %r of cmd(%s) failed due to: %r", name, remove_password_if_present(cmdline), ex) + raise CommandError(['<%s-pump>' % name] + remove_password_if_present(cmdline), ex) from ex finally: stream.close() diff --git a/git/util.py b/git/util.py index e9d183d9..80985df4 100644 --- a/git/util.py +++ b/git/util.py @@ -343,13 +343,13 @@ def expand_path(p, expand_vars=True): def remove_password_if_present(cmdline): """ Parse any command line argument and if on of the element is an URL with a - password, replace it by stars. If nothing found just returns a copy of the - command line as-is. + password, replace it by stars (in-place). + + If nothing found just returns the command line as-is. This should be used for every log line that print a command line. """ - redacted_cmdline = [] - for to_parse in cmdline: + for index, to_parse in enumerate(cmdline): try: url = urlsplit(to_parse) # Remove password from the URL if present @@ -358,12 +358,11 @@ def remove_password_if_present(cmdline): edited_url = url._replace( netloc=url.netloc.replace(url.password, "*****")) - redacted_cmdline.append(urlunsplit(edited_url)) + cmdline[index] = urlunsplit(edited_url) except ValueError: - redacted_cmdline.append(to_parse) # This is not a valid URL pass - return redacted_cmdline + return cmdline #} END utilities diff --git a/test/test_util.py b/test/test_util.py index 5eba6c50..a4963264 100644 --- a/test/test_util.py +++ b/test/test_util.py @@ -30,7 +30,8 @@ from git.util import ( Actor, IterableList, cygpath, - decygpath + decygpath, + remove_password_if_present, ) @@ -322,3 +323,17 @@ class TestUtils(TestBase): t2 = pickle.loads(pickle.dumps(t1)) self.assertEqual(t1._offset, t2._offset) self.assertEqual(t1._name, t2._name) + + def test_remove_password_from_command_line(self): + """Check that the password is not printed on the logs""" + password = "fakepassword1234" + url_with_pass = "https://fakeuser:{}@fakerepo.example.com/testrepo".format(password) + url_without_pass = "https://fakerepo.example.com/testrepo" + + cmd_1 = ["git", "clone", "-v", url_with_pass] + cmd_2 = ["git", "clone", "-v", url_without_pass] + cmd_3 = ["no", "url", "in", "this", "one"] + + assert password not in remove_password_if_present(cmd_1) + assert cmd_2 == remove_password_if_present(cmd_2) + assert cmd_3 == remove_password_if_present(cmd_3) |