From: Johannes Schindelin <johannes.schindelin@xxxxxx>
Just like 47abd85ba0 (fetch: Strip usernames from url's before storing
them, 2009-04-17) and later 882d49ca5c (push: anonymize URL in status
output, 2016-07-13), and even later c1284b21f243 (curl: anonymize URLs
in error messages and warnings, 2019-03-04) this change anonymizes URLs
(read: strips them of user names and especially passwords) in
user-facing error messages and warnings.
Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx>
---
push: anonymize URLs in error messages and warnings
A token used by GitGitGadget was leaked by this bug. Thankfully, it
seems nobody noticed, and I installed a patched Git on the self-hosted
build agent so that this won't happen anymore.
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-618%2Fdscho%2Fanonymize-push-url-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-618/dscho/anonymize-push-url-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/618
builtin/push.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/builtin/push.c b/builtin/push.c
index 6dbf0f0bb71..bd2a2cbfbd7 100644
--- a/builtin/push.c
+++ b/builtin/push.c
@@ -340,6 +340,7 @@ static int push_with_options(struct transport *transport, struct refspec *rs,
{
int err;
unsigned int reject_reasons;
+ char *anon_url = transport_anonymize_url(transport->url);
transport_set_verbosity(transport, verbosity, progress);
transport->family = family;
@@ -364,11 +365,12 @@ static int push_with_options(struct transport *transport, struct refspec *rs,
trace2_region_leave("push", "transport_push", the_repository);
if (err != 0) {
fprintf(stderr, "%s", push_get_color(PUSH_COLOR_ERROR));
- error(_("failed to push some refs to '%s'"), transport->url);
+ error(_("failed to push some refs to '%s'"), anon_url);
fprintf(stderr, "%s", push_get_color(PUSH_COLOR_RESET));
}
err |= transport_disconnect(transport);
+ free(anon_url);
if (!err)
return 0;
base-commit: af6b65d45ef179ed52087e80cb089f6b2349f4ec
--
gitgitgadget
