Comments (3)
Byron
commented on July 16, 2024
Thanks for reporting.
Could you also show the python code that triggers these? I have a suspicion.
In any case, there already is functionality to hide seemingly sensitive data, but it's based on knowing where the data is.
If these debug lines are caused by repo.git.free_command() this wouldn't be the case.
If in doubt, that debug message can probably just be removed or downgraded to trace.
from gitpython.
zbika73
commented on July 16, 2024
Our core code:
try:
repo = Repo.init(clpath, initial_branch=brname)
repo.git.add(all=True)
repo.index.commit(commit_message)
repo.create_remote('origin', url=repository_to)
repo.git.push('-u', 'origin', f'HEAD:{brname}')
except GitCommandError as ex:
errmsg = str(ex.stderr)
errmsg = re.sub(r'(.*fatal: )(.*)\n', r'\2', errmsg).strip('\n').rstrip("'")
logger.error(f"Exception from git: {errmsg}")
Mentioned clone call (from other place in our code) that hides credentials in DEBUG output:
cloned = Repo.clone_from(repository_from, clpath, branch=source_branch)
from gitpython.
Byron
commented on July 16, 2024
Thanks a lot! It looks like the create_remote() call is indeed provided by GitPython, and that it should ideally run the same obfuscation function that is also used in clone().
Further, one should probably review the public API and find all URL parameters, and assure that these are obfuscated in the log.
from gitpython.
Related Issues (20)
- Wrong type annotation on `Index.commit` for `parent_commits` HOT 3
- Using create submodule doesn't create the correct submodule structure HOT 4
- Submodule.__init__ `parent_commit` conversion/validation is implied but not done HOT 8
- Module docstring says TagReference but means TagObject
- Diffable.diff is misleadingly annotated regarding special `other` values HOT 3
- Top-level refresh function not listed in __all__ HOT 1
- Bad git executable HOT 2
- Unable to specify lines of context while doing diff (-U flag) HOT 1
- γremote().exist()γ exception when lack remote section in config file
- Unhandled IndexError when calling .read() on a malformed config file HOT 6
- Detailed xfail output sometimes distracts from unexpected failures
- Some xfail markings fail to validate their exception types
- How can i set create_patch=true, and meanwhile get change_type in Diff
- git.Repo.clone_from() not working correctly in WSL HOT 3
- Fuzz Tests Are Crashing at Start-up on ClusterFuzz HOT 2
- GitConfigParser misparses quotes in options HOT 1
- Can't catch GitCommandError HOT 6
- submodule: Reference at 'HEAD' does not exist HOT 3
- Git diff pathspec missing -- HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gitpython.