When pulling from a remote, the full URL including username
is by default added to the commit message. Since it adds
very little value but could be used by malicious people to
glean valid usernames (with matching hostnames), we're far
better off just stripping the username before storing the
remote URL locally.
Note that this patch has no lasting visible effect when
"git pull" does not create a merge commit. It simply
alters what gets written to .git/FETCH_HEAD, which is used
by "git merge" to automagically create its' messages.
Signed-off-by: Andreas Ericsson <ae@xxxxxx>
---
This incorporates the changes suggested by both J6t and
Michael Gruber, as well as the properly functioning
version of the patch (the last one had an off-by-lots
for some url's, as I failed at --amend'ing it).
builtin-fetch.c | 7 +++++--
transport.c | 40 ++++++++++++++++++++++++++++++++++++++++
transport.h | 1 +
3 files changed, 46 insertions(+), 2 deletions(-)
diff --git a/builtin-fetch.c b/builtin-fetch.c
index 3c998ea..0bb290b 100644
--- a/builtin-fetch.c
+++ b/builtin-fetch.c
@@ -289,7 +289,7 @@ static int update_local_ref(struct ref *ref,
}
}
-static int store_updated_refs(const char *url, const char *remote_name,
+static int store_updated_refs(const char *raw_url, const char *remote_name,
struct ref *ref_map)
{
FILE *fp;
@@ -298,11 +298,13 @@ static int store_updated_refs(const char *url, const char *remote_name,
char note[1024];
const char *what, *kind;
struct ref *rm;
- char *filename = git_path("FETCH_HEAD");
+ char *url, *filename = git_path("FETCH_HEAD");
fp = fopen(filename, "a");
if (!fp)
return error("cannot open %s: %s\n", filename, strerror(errno));
+
+ url = transport_anonymize_url(raw_url);
for (rm = ref_map; rm; rm = rm->next) {
struct ref *ref = NULL;
@@ -376,6 +378,7 @@ static int store_updated_refs(const char *url, const char *remote_name,
fprintf(stderr, " %s\n", note);
}
}
+ free(url);
fclose(fp);
if (rc & 2)
error("some local refs could not be updated; try running\n"
diff --git a/transport.c b/transport.c
index 3dfb03c..9e6dc5e 100644
--- a/transport.c
+++ b/transport.c
@@ -1083,3 +1083,43 @@ int transport_disconnect(struct transport *transport)
free(transport);
return ret;
}
+
+/*
+ * Strip username information from the url and return it in a
+ * newly allocated string which the caller has to free.
+ *
+ * The url's we want to catch are the following:
+ * ssh://[user@]host.xz[:port]/path/to/repo.git/
+ * [user@]host.xz:/path/to/repo.git/
+ * http[s]://[user[:password]@]host.xz/path/to/repo.git
+ *
+ * Although git doesn't currently support giving the password
+ * to http url's on the command-line, it's easier to catch
+ * that case too than it is to cater for it specially.
+ */
+char *transport_anonymize_url(const char *url)
+{
+ char *anon_url;
+ const char *at_sign = strchr(url, '@');
+ size_t len, prefix_len = 0;
+
+ if (is_local(url) || !at_sign)
+ return xstrdup(url);
+
+ if (!prefixcmp(url, "ssh://"))
+ prefix_len = strlen("ssh://");
+ else if (!prefixcmp(url, "http://";))
+ prefix_len = strlen("http://";);
+ else if (!prefixcmp(url, "https://";))
+ prefix_len = strlen("https://";);
+ else if (!strchr(at_sign + 1, ':'))
+ return xstrdup(url);
+
+ len = prefix_len + strlen(at_sign + 1);
+ anon_url = xcalloc(1, 1 + prefix_len + strlen(at_sign + 1));
+ if (prefix_len)
+ memcpy(anon_url, url, prefix_len);
+ memcpy(anon_url + prefix_len, at_sign + 1, strlen(at_sign + 1));
+
+ return anon_url;
+}
diff --git a/transport.h b/transport.h
index b1c2252..27bfc52 100644
--- a/transport.h
+++ b/transport.h
@@ -74,5 +74,6 @@ const struct ref *transport_get_remote_refs(struct transport *transport);
int transport_fetch_refs(struct transport *transport, const struct ref *refs);
void transport_unlock_pack(struct transport *transport);
int transport_disconnect(struct transport *transport);
+char *transport_anonymize_url(const char *url);
#endif
--
1.6.3.rc0.2.g743353.dirty
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html