On Wed, Nov 22, 2023 at 11:18 AM Johannes Schindelin via GitGitGadget <gitgitgadget@xxxxxxxxx> wrote: > > The Trace2 output can contain secrets when a user issues a Git command with > sensitive information in the command-line. A typical (if highly discouraged) > example is: git clone https://user:password@xxxxxxxx/. > > With this PR, the Trace2 output redacts passwords in such URLs by default. > > This series also includes a commit to temporarily disable leak checking on > t0210,t0211 because the tests uncover other unrelated bugs in Git. > > These patches were integrated into Microsoft's fork of Git, as > https://github.com/microsoft/git/pull/616, and have been cooking there ever > since. Thanks for making these changes. Makes me wonder, back when we were logging trace2 data, if we had some of these leaks. Eek. As I commented in patch 2, I think this is a good start, but I'm curious if others would be willing to turn clone/fetch of such bad URLs into warnings for now and errors later. The prevalence of AI-assist add-ons for various IDEs and the number of developers opting to use those IDEs and add-ons, and the fact that these tools sometimes include repository URLs in what they send off to third parties, makes me wonder if our recent infosec fire drill is soon going to be a widely shared experience by lots of other companies and individuals. Training users to not do bad things is hard, and it might be worth saving them from themselves. Thoughts?
