From c1284b21f2436de24c9559fcc5f4badb04f47773 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 4 Mar 2019 07:33:46 -0800 Subject: [PATCH 1/1] curl: anonymize URLs in error messages and warnings Just like 47abd85ba0 (fetch: Strip usernames from url's before storing them, 2009-04-17) and later 882d49ca5c (push: anonymize URL in status output, 2016-07-13), this change anonymizes URLs (read: strips them of user names and especially passwords) in user-facing error messages and warnings. Signed-off-by: Johannes Schindelin Reviewed-by: Jeff King Signed-off-by: Junio C Hamano --- remote-curl.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/remote-curl.c b/remote-curl.c index 762a55a75f..6be3cb5918 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -16,6 +16,7 @@ #include "send-pack.h" #include "protocol.h" #include "quote.h" +#include "transport.h" static struct remote *remote; /* always ends with a trailing slash */ @@ -250,7 +251,7 @@ static struct ref *parse_info_refs(struct discovery *heads) if (data[i] == '\n') { if (mid - start != 40) die("%sinfo/refs not valid: is this a git repository?", - url.buf); + transport_anonymize_url(url.buf)); data[i] = 0; ref_name = mid + 1; ref = alloc_ref(ref_name); @@ -388,17 +389,23 @@ static struct discovery *discover_refs(const char *service, int for_push) break; case HTTP_MISSING_TARGET: show_http_message(&type, &charset, &buffer); - die("repository '%s' not found", url.buf); + die("repository '%s' not found", + transport_anonymize_url(url.buf)); case HTTP_NOAUTH: show_http_message(&type, &charset, &buffer); - die("Authentication failed for '%s'", url.buf); + die("Authentication failed for '%s'", + transport_anonymize_url(url.buf)); default: show_http_message(&type, &charset, &buffer); - die("unable to access '%s': %s", url.buf, curl_errorstr); + die("unable to access '%s': %s", + transport_anonymize_url(url.buf), curl_errorstr); } - if (options.verbosity && !starts_with(refs_url.buf, url.buf)) - warning(_("redirecting to %s"), url.buf); + if (options.verbosity && !starts_with(refs_url.buf, url.buf)) { + char *u = transport_anonymize_url(url.buf); + warning(_("redirecting to %s"), u); + free(u); + } last= xcalloc(1, sizeof(*last_discovery)); last->service = xstrdup(service); -- 2.47.1