Add more test and remove password also from error logs

mickours · mickours · commit 50cbafc690e5 · 2021-03-15T18:48:34.000+01:00
diff --git a/git/cmd.py b/git/cmd.py
@@ -82,8 +82,8 @@ def pump_stream(cmdline, name, stream, is_decode, handler):
 line = line.decode(defenc)
 handler(line)
 except Exception as ex:
- log.error("Pumping %r of cmd(%s) failed due to: %r", name, cmdline, ex)
- raise CommandError(['<%s-pump>' % name] + cmdline, ex) from ex
+ log.error("Pumping %r of cmd(%s) failed due to: %r", name, remove_password_if_present(cmdline), ex)
+ raise CommandError(['<%s-pump>' % name] + remove_password_if_present(cmdline), ex) from ex
 finally:
 stream.close()
 
diff --git a/git/util.py b/git/util.py
@@ -343,13 +343,13 @@ def expand_path(p, expand_vars=True):
 def remove_password_if_present(cmdline):
 """
 Parse any command line argument and if on of the element is an URL with a
- password, replace it by stars. If nothing found just returns a copy of the
- command line as-is.
+ password, replace it by stars (in-place).
+
+ If nothing found just returns the command line as-is.
 
 This should be used for every log line that print a command line.
 """
- redacted_cmdline = []
- for to_parse in cmdline:
+ for index, to_parse in enumerate(cmdline):
 try:
 url = urlsplit(to_parse)
 # Remove password from the URL if present
@@ -358,12 +358,11 @@ def remove_password_if_present(cmdline):
 
 edited_url = url._replace(
 netloc=url.netloc.replace(url.password, "*****"))
- redacted_cmdline.append(urlunsplit(edited_url))
+ cmdline[index] = urlunsplit(edited_url)
 except ValueError:
- redacted_cmdline.append(to_parse)
 # This is not a valid URL
 pass
- return redacted_cmdline
+ return cmdline
 
 
 #} END utilities
diff --git a/test/test_util.py b/test/test_util.py
@@ -30,7 +30,8 @@
 Actor,
 IterableList,
 cygpath,
- decygpath
+ decygpath,
+ remove_password_if_present,
 )
 
 
@@ -322,3 +323,17 @@ def test_pickle_tzoffset(self):
 t2 = pickle.loads(pickle.dumps(t1))
 self.assertEqual(t1._offset, t2._offset)
 self.assertEqual(t1._name, t2._name)
+
+ def test_remove_password_from_command_line(self):
+ """Check that the password is not printed on the logs"""
+ password = "fakepassword1234"
+ url_with_pass = "https://fakeuser:{}@fakerepo.example.com/testrepo".format(password)
+ url_without_pass = "https://fakerepo.example.com/testrepo"
+
+ cmd_1 = ["git", "clone", "-v", url_with_pass]
+ cmd_2 = ["git", "clone", "-v", url_without_pass]
+ cmd_3 = ["no", "url", "in", "this", "one"]
+
+ assert password not in remove_password_if_present(cmd_1)
+ assert cmd_2 == remove_password_if_present(cmd_2)
+ assert cmd_3 == remove_password_if_present(cmd_3)

-Original file line number
+Diff line change
 line=line.decode(defenc)
 handler(line)
 exceptExceptionasex:
 -log.error("Pumping %r of cmd(%s) failed due to: %r", name, cmdline, ex)
 -raiseCommandError(['<%s-pump>'%name] +cmdline, ex) fromex
 +log.error("Pumping %r of cmd(%s) failed due to: %r", name, remove_password_if_present(cmdline), ex)
 +raiseCommandError(['<%s-pump>'%name] +remove_password_if_present(cmdline), ex) fromex
 finally:
 stream.close()
-Original file line number
+Diff line change
 Actor,
 IterableList,
 cygpath,
 -decygpath
 +decygpath,
 +remove_password_if_present,
+)
 t2=pickle.loads(pickle.dumps(t1))
 self.assertEqual(t1._offset, t2._offset)
 self.assertEqual(t1._name, t2._name)
++
 +deftest_remove_password_from_command_line(self):
 +"""Check that the password is not printed on the logs"""
 +password="fakepassword1234"
 +url_with_pass="https://fakeuser:{}@fakerepo.example.com/testrepo".format(password)
 +url_without_pass="https://fakerepo.example.com/testrepo"
++
 +cmd_1= ["git", "clone", "-v", url_with_pass]
 +cmd_2= ["git", "clone", "-v", url_without_pass]
 +cmd_3= ["no", "url", "in", "this", "one"]
++
 +assertpasswordnotinremove_password_if_present(cmd_1)
 +assertcmd_2==remove_password_if_present(cmd_2)
 +assertcmd_3==remove_password_if_present(cmd_3)