diff options
author | Junio C Hamano <gitster@pobox.com> | 2022-06-14 01:53:42 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2022-06-14 01:53:42 +0300 |
commit | 11698e551ce0590af6d7ce1f5b683eca27e68ab3 (patch) | |
tree | 12296178753060a876dbf5105c7a258ebf7afdb4 /remote.c | |
parent | eef985e17af956b341b08ed7ad47f3941cb7da94 (diff) | |
parent | 6dcbdc0d6616d7fbd2445aa2237b22e3c172ea85 (diff) |
Merge branch 'ds/credentials-in-url'
The "fetch.credentialsInUrl" configuration variable controls what
happens when a URL with embedded login credential is used.
* ds/credentials-in-url:
remote: create fetch.credentialsInUrl config
Diffstat (limited to 'remote.c')
-rw-r--r-- | remote.c | 48 |
1 files changed, 48 insertions, 0 deletions
@@ -1,6 +1,7 @@ #include "cache.h" #include "config.h" #include "remote.h" +#include "urlmatch.h" #include "refs.h" #include "refspec.h" #include "object-store.h" @@ -617,6 +618,50 @@ const char *remote_ref_for_branch(struct branch *branch, int for_push) return NULL; } +static void validate_remote_url(struct remote *remote) +{ + int i; + const char *value; + struct strbuf redacted = STRBUF_INIT; + int warn_not_die; + + if (git_config_get_string_tmp("fetch.credentialsinurl", &value)) + return; + + if (!strcmp("warn", value)) + warn_not_die = 1; + else if (!strcmp("die", value)) + warn_not_die = 0; + else if (!strcmp("allow", value)) + return; + else + die(_("unrecognized value fetch.credentialsInURL: '%s'"), value); + + for (i = 0; i < remote->url_nr; i++) { + struct url_info url_info = { 0 }; + + if (!url_normalize(remote->url[i], &url_info) || + !url_info.passwd_off) + goto loop_cleanup; + + strbuf_reset(&redacted); + strbuf_add(&redacted, url_info.url, url_info.passwd_off); + strbuf_addstr(&redacted, "<redacted>"); + strbuf_addstr(&redacted, + url_info.url + url_info.passwd_off + url_info.passwd_len); + + if (warn_not_die) + warning(_("URL '%s' uses plaintext credentials"), redacted.buf); + else + die(_("URL '%s' uses plaintext credentials"), redacted.buf); + +loop_cleanup: + free(url_info.url); + } + + strbuf_release(&redacted); +} + static struct remote * remotes_remote_get_1(struct remote_state *remote_state, const char *name, const char *(*get_default)(struct remote_state *, @@ -642,6 +687,9 @@ remotes_remote_get_1(struct remote_state *remote_state, const char *name, add_url_alias(remote_state, ret, name); if (!valid_remote(ret)) return NULL; + + validate_remote_url(ret); + return ret; } |