summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Ivan Frade <ifrade@google.com>2021-11-10 23:51:29 +0000
committerLibravatar Junio C Hamano <gitster@pobox.com>2021-11-11 10:07:44 -0800
commit0ba558ffb138f893f786d42b19689898ef456515 (patch)
treef884b9b9738ff448a3e07f548fd58590cc9162de
parentfetch-pack: redact packfile urls in traces (diff)
downloadtgif-0ba558ffb138f893f786d42b19689898ef456515.tar.xz
http-fetch: redact url on die() message
http-fetch prints the URL after failing to fetch it. This can be confusing to users (they cannot really do anything with it), and they can share by accident a sensitive URL (e.g. with credentials) while looking for help. Redact the URL unless the GIT_TRACE_REDACT variable is set to false. This mimics the redaction of other sensitive information in git, like the Authorization header in HTTP. Fix also capitalization of previous die() message (must start in lowercase). Signed-off-by: Ivan Frade <ifrade@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--http-fetch.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/http-fetch.c b/http-fetch.c
index fa642462a9..c7c7d391ac 100644
--- a/http-fetch.c
+++ b/http-fetch.c
@@ -4,6 +4,7 @@
#include "http.h"
#include "walker.h"
#include "strvec.h"
+#include "urlmatch.h"
static const char http_fetch_usage[] = "git http-fetch "
"[-c] [-t] [-a] [-v] [--recover] [-w ref] [--stdin | --packfile=hash | commit-id] url";
@@ -63,8 +64,17 @@ static void fetch_single_packfile(struct object_id *packfile_hash,
if (start_active_slot(preq->slot)) {
run_active_slot(preq->slot);
if (results.curl_result != CURLE_OK) {
- die("Unable to get pack file %s\n%s", preq->url,
- curl_errorstr);
+ struct url_info url;
+ char *nurl = url_normalize(preq->url, &url);
+ if (!nurl || !git_env_bool("GIT_TRACE_REDACT", 1)) {
+ die("unable to get pack file '%s'\n%s", preq->url,
+ curl_errorstr);
+ } else {
+ die("failed to get '%.*s' url from '%.*s' "
+ "(full URL redacted due to GIT_TRACE_REDACT setting)\n%s",
+ (int)url.scheme_len, url.url,
+ (int)url.host_len, &url.url[url.host_off], curl_errorstr);
+ }
}
} else {
die("Unable to start request");