diff options
| author | Glenn Matthews <glenn.matthews@networktocode.com> | 2022-05-04 12:48:09 -0400 |
|---|---|---|
| committer | Glenn Matthews <glenn.matthews@networktocode.com> | 2022-05-04 12:48:09 -0400 |
| commit | 85fe2735b7c9119804813bcbbdd8d14018291ed3 (patch) | |
| tree | ee9aa2356a5f57cf547580d56e2df3723df6c6df /git/util.py | |
| parent | d5cee4a467a0ab543c0a118cc763ad3a54b8fc69 (diff) | |
| download | gitpython-85fe2735b7c9119804813bcbbdd8d14018291ed3.tar.gz | |
Fix #1284: strip usernames from URLs as well as passwords
Diffstat (limited to 'git/util.py')
| -rw-r--r-- | git/util.py | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/git/util.py b/git/util.py index 6e6f0955..0711265a 100644 --- a/git/util.py +++ b/git/util.py @@ -5,7 +5,6 @@ # the BSD License: http://www.opensource.org/licenses/bsd-license.php from abc import abstractmethod -from .exc import InvalidGitRepositoryError import os.path as osp from .compat import is_win import contextlib @@ -94,6 +93,8 @@ def unbare_repo(func: Callable[..., T]) -> Callable[..., T]: """Methods with this decorator raise InvalidGitRepositoryError if they encounter a bare repository""" + from .exc import InvalidGitRepositoryError + @wraps(func) def wrapper(self: 'Remote', *args: Any, **kwargs: Any) -> T: if self.repo.bare: @@ -412,11 +413,12 @@ def expand_path(p: Union[None, PathLike], expand_vars: bool = True) -> Optional[ def remove_password_if_present(cmdline: Sequence[str]) -> List[str]: """ Parse any command line argument and if on of the element is an URL with a - password, replace it by stars (in-place). + username and/or password, replace them by stars (in-place). If nothing found just returns the command line as-is. - This should be used for every log line that print a command line. + This should be used for every log line that print a command line, as well as + exception messages. """ new_cmdline = [] for index, to_parse in enumerate(cmdline): @@ -424,12 +426,16 @@ def remove_password_if_present(cmdline: Sequence[str]) -> List[str]: try: url = urlsplit(to_parse) # Remove password from the URL if present - if url.password is None: + if url.password is None and url.username is None: continue - edited_url = url._replace( - netloc=url.netloc.replace(url.password, "*****")) - new_cmdline[index] = urlunsplit(edited_url) + if url.password is not None: + url = url._replace( + netloc=url.netloc.replace(url.password, "*****")) + if url.username is not None: + url = url._replace( + netloc=url.netloc.replace(url.username, "*****")) + new_cmdline[index] = urlunsplit(url) except ValueError: # This is not a valid URL continue |