[PATCH v2 3/3] credential: handle `credential.<partial-URL>.<key>` again

From: Johannes Schindelin <johannes.schindelin@xxxxxx>

In the patches for CVE-2020-11008, the ability to specify credential
settings in the config for partial URLs got lost. For example, it used
to be possible to specify a credential helper for a specific protocol:

	[credential "https://"]
		helper = my-https-helper

Likewise, it used to be possible to configure settings for a specific
host, e.g.:

	[credential "dev.azure.com"]
		useHTTPPath = true

Let's reinstate this behavior.

While at it, increase the test coverage to document and verify the
behavior with a couple other categories of partial URLs.

Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
---
 credential.c           |  8 +++++++-
 t/t0300-credentials.sh | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/credential.c b/credential.c
index 52965a5122c..3505f6356d8 100644
--- a/credential.c
+++ b/credential.c
@@ -53,7 +53,13 @@ static int credential_config_callback(const char *var, const char *value,
 		char *url = xmemdupz(key, dot - key);
 		int matched;
 
-		credential_from_url(&want, url);
+		if (credential_from_url_gently(&want, url, 1, 0) < 0) {
+			warning(_("skipping credential lookup for key: %s"),
+				var);
+			credential_clear(&want);
+			free(url);
+			return 0;
+		}
 		matched = credential_match(&want, c);
 
 		credential_clear(&want);
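Review bot: The bare literals in `credential_from_url_gently(&want, url, 1, 0)` give no hint at the call site of which behaviours they switch on or off, which matters in code being reworked after CVE-2020-11008. Please add a short comment naming the two flags (or use named constants), and state next to the `warning()` why a key that fails to parse is skipped with `return 0` rather than treated as fatal. The early return also repeats the `credential_clear(&want)` cleanup from the normal path; a shared exit label would keep the two from drifting apart.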
diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
index efed3ea2955..6fff76cb932 100755
--- a/t/t0300-credentials.sh
+++ b/t/t0300-credentials.sh
@@ -448,4 +448,43 @@ test_expect_success 'credential system refuses to work with missing protocol' '
 	test_i18ncmp expect stderr
 '
 
+test_expect_success 'credential config with partial URLs' '
+	echo "echo password=yep" | write_script git-credential-yep &&
+	test_write_lines url=https://user@xxxxxxxxxxx/repo.git >input &&
+	for partial in \
+		example.com \
+		user@xxxxxxxxxxx \
+		https:// \
+		https://example.com \
+		https://example.com/ \
+		https://user@xxxxxxxxxxx \
+		https://user@xxxxxxxxxxx/ \
+		https://example.com/repo.git \
+		https://user@xxxxxxxxxxx/repo.git \
+		/repo.git
+	do
+		git -c credential.$partial.helper=yep \
+			credential fill <input >output &&
+		grep yep output ||
+		return 1
+	done &&
+
+	for partial in \
+		dont.use.this \
+		http:// \
+		/repo
+	do
+		git -c credential.$partial.helper=yep \
+			credential fill <input >output &&
+		! grep yep output ||
+		return 1
+	done &&
+
+	git -c credential.$partial.helper=yep \
+		-c credential.with%0anewline.username=uh-oh \
+		credential fill <input >output 2>error &&
+	test_i18ngrep "skipping credential lookup for key" error
+
+'
+
 test_done
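Review bot: The final `git -c credential.$partial.helper=yep` invocation runs after both `for` loops have finished, so `$partial` still holds the last value of the second loop (`/repo`), a key from the non-matching list; spell the intended key out literally so this case does not depend on loop order. That case also only greps stderr for the warning: adding a check such as `! grep uh-oh output` would confirm that the `username=uh-oh` setting under the `with%0anewline` key is actually skipped and not just warned about. There is also a stray blank `+` line before the closing quote of the test body.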
-- 
gitgitgadget


