fetch-pack: redact packfile urls in traces

In some setups, packfile URIs act as bearer tokens. It is not
recommended to expose them plainly in logs, although in special
circumstances (e.g. debug) it makes sense to write them.

Redact the packfile URL paths by default, unless the GIT_TRACE_REDACT
variable is set to false. This mimics the redacting of the Authorization
header in HTTP.

Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Ivan Frade
2021-11-10 23:51:28 +00:00
committed by Junio C Hamano
parent e9e5ba39a7
commit 88e9b1e3fc
5 changed files with 99 additions and 3 deletions


@ -1107,6 +1107,57 @@ test_expect_success 'packfile-uri with transfer.fsckobjects fails when .gitmodul
test_i18ngrep "disallowed submodule name" err
'
test_expect_success 'packfile-uri path redacted in trace' '
P="$HTTPD_DOCUMENT_ROOT_PATH/http_parent" &&
rm -rf "$P" http_child log &&
git init "$P" &&
git -C "$P" config "uploadpack.allowsidebandall" "true" &&
echo my-blob >"$P/my-blob" &&
git -C "$P" add my-blob &&
git -C "$P" commit -m x &&
git -C "$P" hash-object my-blob >objh &&
git -C "$P" pack-objects "$HTTPD_DOCUMENT_ROOT_PATH/mypack" <objh >packh &&
git -C "$P" config --add \
"uploadpack.blobpackfileuri" \
"$(cat objh) $(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" &&
GIT_TRACE_PACKET="$(pwd)/log" \
git -c protocol.version=2 \
-c fetch.uriprotocols=http,https \
clone "$HTTPD_URL/smart/http_parent" http_child &&
grep -F "clone< \\1$(cat packh) $HTTPD_URL/<redacted>" log
'
test_expect_success 'packfile-uri path not redacted in trace when GIT_TRACE_REDACT=0' '
P="$HTTPD_DOCUMENT_ROOT_PATH/http_parent" &&
rm -rf "$P" http_child log &&
git init "$P" &&
git -C "$P" config "uploadpack.allowsidebandall" "true" &&
echo my-blob >"$P/my-blob" &&
git -C "$P" add my-blob &&
git -C "$P" commit -m x &&
git -C "$P" hash-object my-blob >objh &&
git -C "$P" pack-objects "$HTTPD_DOCUMENT_ROOT_PATH/mypack" <objh >packh &&
git -C "$P" config --add \
"uploadpack.blobpackfileuri" \
"$(cat objh) $(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" &&
GIT_TRACE_PACKET="$(pwd)/log" \
GIT_TRACE_REDACT=0 \
git -c protocol.version=2 \
-c fetch.uriprotocols=http,https \
clone "$HTTPD_URL/smart/http_parent" http_child &&
grep -F "clone< \\1$(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" log
'
test_expect_success 'http:// --negotiate-only' '
SERVER="$HTTPD_DOCUMENT_ROOT_PATH/server" &&
URI="$HTTPD_URL/smart/server" &&
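Review bot: The 'packfile-uri path redacted in trace' test only asserts that the `<redacted>` line is present in `log`; it never asserts that the real path is absent. A regression that writes the packfile URI through a second trace point in the same log would still pass. Since the URI can act as a bearer token, I would chain a negative check after the existing grep, e.g. `! grep -F "mypack-$(cat packh).pack" log`; this assumes nothing else in the packet trace legitimately prints the pack file name, which should be confirmed. The test also covers only GIT_TRACE_PACKET, so whether other trace channels redact the URI is not exercised here. Separately, the two new tests repeat the same setup lines verbatim and could share a small helper, so the redacted and unredacted cases cannot drift apart. The trailing 'http:// --negotiate-only' test is context whose body continues outside the hunk.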