Merge pull request #26486 from thusoy/git-confidential-auth

Git: Don't leak https user/pw to log
2025-04-17 10:10:20 +00:00 · 2015-08-20 10:04:52 -06:00 · 2015-08-20 10:04:52 -06:00 · 28aa9b1058
commit 28aa9b1058
parent 679ba5ee0a 5289165487
2 changed files with 32 additions and 3 deletions
--- a/salt/modules/git.py
+++ b/salt/modules/git.py
@ -6,6 +6,7 @@ from __future__ import absolute_import

 # Import python libs
 import os
+import re
 import subprocess

 # Import salt libs
@ -62,6 +63,7 @@ def _git_run(cmd, cwd=None, runas=None, identity=None, **kwargs):
                result = __salt__['cmd.run_all'](cmd,
                                                 cwd=cwd,
                                                 runas=runas,
+                                                 output_loglevel='quiet',
                                                 env=env,
                                                 python_shell=False,
                                                 **kwargs)
@ -73,7 +75,8 @@ def _git_run(cmd, cwd=None, runas=None, identity=None, **kwargs):
            if result['retcode'] == 0:
                return result['stdout']
            else:
-                stderrs.append(result['stderr'])
+                stderr = _remove_sensitive_data(result['stderr'])
+                stderrs.append(stderr)

        # we've tried all IDs and still haven't passed, so error out
        raise CommandExecutionError("\n\n".join(stderrs))
@ -82,6 +85,7 @@ def _git_run(cmd, cwd=None, runas=None, identity=None, **kwargs):
        result = __salt__['cmd.run_all'](cmd,
                                         cwd=cwd,
                                         runas=runas,
+                                         output_loglevel='quiet',
                                         env=env,
                                         python_shell=False,
                                         **kwargs)
@ -90,9 +94,16 @@ def _git_run(cmd, cwd=None, runas=None, identity=None, **kwargs):
        if retcode == 0:
            return result['stdout']
        else:
+            stderr = _remove_sensitive_data(result['stderr'])
            raise CommandExecutionError(
-                'Command {0!r} failed. Stderr: {1!r}'.format(cmd,
-                                                             result['stderr']))
+                'Command {0!r} failed. Stderr: {1!r}'.format(cmd, stderr))
+
+
+def _remove_sensitive_data(sensitive_output):
+    '''
+        Remove HTTP user and password.
+    '''
+    return re.sub('(https?)://.*@', r'\1://<redacted>@', sensitive_output)


 def _git_getdir(cwd, user=None):
--- a/tests/unit/modules/git_test.py
+++ b/tests/unit/modules/git_test.py
@ -37,6 +37,24 @@ class GitTestCase(TestCase):
            result = git._add_http_basic_auth(**kwargs)
            self.assertEqual(result, expected)

+    def test_https_user_and_pw_is_confidential(self):
+        sensitive_outputs = (
+            'https://deadbeaf@example.com',
+            'https://user:pw@example.com',
+        )
+        sanitized = 'https://<redacted>@example.com'
+        for sensitive_output in sensitive_outputs:
+            result = git._remove_sensitive_data(sensitive_output)
+            self.assertEqual(result, sanitized)
+
+    def test_git_ssh_user_is_not_treated_as_sensitive(self):
+        not_sensitive_outputs = (
+            'ssh://user@example.com',
+        )
+        for not_sensitive_output in not_sensitive_outputs:
+            result = git._remove_sensitive_data(not_sensitive_output)
+            self.assertEqual(result, not_sensitive_output)
+

 if __name__ == '__main__':
    from integration import run_tests