Merge pull request #1198 from RyaxTech/replace-password-in-uri-by-stars

Replace password in URI by stars if present to avoid leaking secrets in logs

1 files changed, 15 insertions, 0 deletions

diff --git a/test/test_repo.py b/test/test_repo.py
index d5ea8664..8dc17833 100644
--- a/test/test_repo.py
+++ b/test/test_repo.py
@@ -238,6 +238,21 @@ class TestRepo(TestBase):
             except UnicodeEncodeError:
                 self.fail('Raised UnicodeEncodeError')
 
+    @with_rw_directory
+    def test_leaking_password_in_clone_logs(self, rw_dir):
+        password = "fakepassword1234"
+        try:
+            Repo.clone_from(
+                url="https://fakeuser:{}@fakerepo.example.com/testrepo".format(
+                    password),
+                to_path=rw_dir)
+        except GitCommandError as err:
+            assert password not in str(err), "The error message '%s' should not contain the password" % err
+        # Working example from a blank private project
+        Repo.clone_from(
+            url="https://gitlab+deploy-token-392045:mLWhVus7bjLsy8xj8q2V@gitlab.com/mercierm/test_git_python",
+            to_path=rw_dir)
+
     @with_rw_repo('HEAD')
     def test_max_chunk_size(self, repo):
         class TestOutputStream(TestBase):