mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

clone/fetch: anonymize URLs in the reflog

Browse Source 
Even if we strongly discourage putting credentials into the URLs passed
via the command-line, there _is_ support for that, and users _do_ do
that.

Let's scrub them before writing them to the reflog.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Johannes Schindelin
2020-06-04 20:08:29 +00:00
committed by Junio C Hamano
parent 274b9cc253
commit 46da295a77
3 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
builtin/fetch.c
View File

@ -1765,8 +1765,13 @@ int cmd_fetch(int argc, const char **argv, const char *prefix)
/* Record the command line for the reflog */
strbuf_addstr(&default_rla, "fetch");
for (i = 1; i < argc; i++)
strbuf_addf(&default_rla, " %s", argv[i]);
for (i = 1; i < argc; i++) {
/* This handles non-URLs gracefully */
char *anon = transport_anonymize_url(argv[i]);
strbuf_addf(&default_rla, " %s", anon);
free(anon);
}
fetch_config_from_gitmodules(&submodule_fetch_jobs_config,
&recurse_submodules);