Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[FIXED JENKINS-19995] hide credentials in log/exception messages
  • Loading branch information
ndeloof committed Oct 12, 2013
1 parent f34c90d commit c1fb1ca
Showing 1 changed file with 38 additions and 22 deletions.
60 changes: 38 additions & 22 deletions src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Expand Up @@ -151,14 +151,15 @@ public void fetch(URIish url, List<RefSpec> refspecs) throws GitException, Inter

StandardCredentials cred = credentials.get(url.toPrivateString());
if (cred == null) cred = defaultCredentials;
args.add( getURLWithCrendentials(url, cred) );
String urlWithCrendentials = getURLWithCrendentials(url, cred);
args.add(urlWithCrendentials);

if (refspecs != null)
for (RefSpec rs: refspecs)
if (rs != null)
args.add(rs.toString());

launchCommandWithCredentials(args, workspace, cred);
launchCommandWithCredentials(args, workspace, cred, urlWithCrendentials, url.toString());

}

Expand All @@ -182,7 +183,7 @@ public void fetch(String remoteName, RefSpec... refspec) throws GitException, In

StandardCredentials cred = credentials.get(getRemoteUrl(remoteName));
if (cred == null) cred = defaultCredentials;
launchCommandWithCredentials(args, workspace, cred);
launchCommandWithCredentials(args, workspace, cred, null, null);
}

public void fetch(String remoteName, RefSpec refspec) throws GitException, InterruptedException {
Expand Down Expand Up @@ -275,10 +276,11 @@ else if (!referencePath.isDirectory())
StandardCredentials cred = credentials.get(url);
if (cred == null) cred = defaultCredentials;

args.add( getURLWithCrendentials(url, cred) );
String urlWithCrendentials = getURLWithCrendentials(url, cred);
args.add(urlWithCrendentials);
args.add(workspace);

launchCommandWithCredentials(args, null, cred);
launchCommandWithCredentials(args, null, cred, urlWithCrendentials, url);
} catch (Exception e) {
throw new GitException("Could not clone " + url, e);
}
Expand Down Expand Up @@ -856,13 +858,16 @@ public String launchCommand(String... args) throws GitException, InterruptedExce
}

/**
*
* @param args
* @param workDir
* @param urlWithCrendentials
* @return command output
* @throws GitException
*/
private String launchCommandWithCredentials(ArgumentListBuilder args, File workDir,
StandardCredentials credentials) throws GitException, InterruptedException {
StandardCredentials credentials,
String urlWithCrendentials, String safeurl) throws GitException, InterruptedException {
RemoteAgent agent = null;
try {
if (credentials != null && credentials instanceof SSHUserPrivateKey) {
Expand All @@ -884,13 +889,21 @@ private String launchCommandWithCredentials(ArgumentListBuilder args, File workD

}

return launchCommandIn(args, workDir);
String command = StringUtils.join(args.toCommandArray(), " ");
if (urlWithCrendentials != null && safeurl != null) {
command = command.replace(urlWithCrendentials, safeurl);
}
return launchCommandIn(args, workDir, command);
} finally {
if (agent != null) agent.stop();
}
}

private String launchCommandIn(ArgumentListBuilder args, File workDir) throws GitException, InterruptedException {
return launchCommandIn(args, workDir, StringUtils.join(args.toCommandArray(), " "));
}

private String launchCommandIn(ArgumentListBuilder args, File workDir, String publicCommand) throws GitException, InterruptedException {
ByteArrayOutputStream fos = new ByteArrayOutputStream();
// JENKINS-13356: capture the output of stderr separately
ByteArrayOutputStream err = new ByteArrayOutputStream();
Expand All @@ -906,14 +919,14 @@ private String launchCommandIn(ArgumentListBuilder args, File workDir) throws Gi

String result = fos.toString();
if (status != 0) {
throw new GitException("Command \""+StringUtils.join(args.toCommandArray(), " ")+"\" returned status code " + status + ":\nstdout: " + result + "\nstderr: "+ err.toString());
throw new GitException("Command \""+publicCommand+"\" returned status code " + status + ":\nstdout: " + result + "\nstderr: "+ err.toString());
}

return result;
} catch (GitException e) {
throw e;
} catch (IOException e) {
throw new GitException("Error performing command: " + StringUtils.join(args.toCommandArray()," "), e);
throw new GitException("Error performing command: " + publicCommand, e);
} catch (Throwable t) {
throw new GitException("Error performing git command", t);
}
Expand All @@ -929,7 +942,7 @@ public void push(String remoteName, String refspec) throws GitException, Interru

StandardCredentials cred = credentials.get(getRemoteUrl(remoteName));
if (cred == null) cred = defaultCredentials;
launchCommandWithCredentials(args, workspace, cred);
launchCommandWithCredentials(args, workspace, cred, null, null);
// Ignore output for now as there's many different formats
// That are possible.
}
Expand Down Expand Up @@ -1210,18 +1223,19 @@ public String getTagMessage(String tagName) throws GitException, InterruptedExce
return out.substring(tagName.length()).replaceAll("(?m)(^ )", "").trim();
}

public ObjectId getHeadRev(String remoteRepoUrl, String branch) throws GitException, InterruptedException {
public ObjectId getHeadRev(String url, String branch) throws GitException, InterruptedException {
String[] branchExploded = branch.split("/");
branch = branchExploded[branchExploded.length-1];
ArgumentListBuilder args = new ArgumentListBuilder("ls-remote");
args.add("-h");

StandardCredentials cred = credentials.get(remoteRepoUrl);
StandardCredentials cred = credentials.get(url);
if (cred == null) cred = defaultCredentials;

args.add( getURLWithCrendentials(remoteRepoUrl, (UsernamePasswordCredentialsImpl) cred) );
String urlWithCrendentials = getURLWithCrendentials(url, cred);
args.add(urlWithCrendentials);
args.add(branch);
String result = launchCommandWithCredentials(args, null, cred);
String result = launchCommandWithCredentials(args, null, cred, urlWithCrendentials, url);
return result.length()>=40 ? ObjectId.fromString(result.substring(0, 40)) : null;
}

Expand Down Expand Up @@ -1251,12 +1265,13 @@ public void push(RemoteConfig repository, String refspec) throws GitException, I
StandardCredentials cred = credentials.get(remote);
if (cred == null) cred = defaultCredentials;

args.add("push", getURLWithCrendentials(uri, (UsernamePasswordCredentialsImpl) cred));
String urlWithCrendentials = getURLWithCrendentials(uri, cred);
args.add("push", urlWithCrendentials);

if (refspec != null)
args.add(refspec);

launchCommandWithCredentials(args, workspace, cred);
launchCommandWithCredentials(args, workspace, cred, urlWithCrendentials, uri.toString());
// Ignore output for now as there's many different formats
// That are possible.

Expand Down Expand Up @@ -1322,7 +1337,7 @@ private String getURLWithCrendentials(URIish u, StandardCredentials cred) {
.setPass(Secret.toString(up.getPassword()));
}

String url = uri.toPrivateASCIIString();
String url = uri.toPrivateString();

// assert http URL is accessible to avoid git process to hung asking for username
if ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme)) {
Expand All @@ -1334,22 +1349,23 @@ private String getURLWithCrendentials(URIish u, StandardCredentials cred) {
}
int status = 0;
try {
// dump-http
status = client.executeMethod(new GetMethod(url + "/info/refs"));
if (status != 200)
// smart-http
status = client.executeMethod(new GetMethod(url + "/info/refs?service=git-upload-pack"));
if (status != 200)
throw new GitException("Failed to connect to " + u.toString()
+ (cred != null ? " using credentials " + cred.getId() : "" )
+ (cred != null ? " using credentials " + cred.getDescription() : "" )
+ " (status = "+status+")");
} catch (IOException e) {
throw new GitException("Failed to connect to " + u.toString()
+ (cred != null ? " using credentials " + cred.getId() : "" ), e);

+ (cred != null ? " using credentials " + cred.getDescription() : "" ));
} catch (IllegalArgumentException e) {
throw new GitException("Invalid URL " + u.toString());
}
}

return url;
}


}

0 comments on commit c1fb1ca

Please sign in to comment.