diff options
| author | Andreas Ericsson <ae@op5.se> | 2009-04-17 10:20:11 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2009-04-21 00:05:21 -0700 |
| commit | 47abd85ba06ed7209d1caa3e5ac7cc6b232bece4 (patch) | |
| tree | b8d5bde85778454775769c6d5cfa680cb9615916 /transport.c | |
| parent | 66996ecc28f001d3dcc73090717bb8c6e47c0d75 (diff) | |
| download | git-47abd85ba06ed7209d1caa3e5ac7cc6b232bece4.tar.gz | |
fetch: Strip usernames from url's before storing them
When pulling from a remote, the full URL including username
is by default added to the commit message. Since it adds
very little value but could be used by malicious people to
glean valid usernames (with matching hostnames), we're far
better off just stripping the username before storing the
remote URL locally.
Note that this patch has no lasting visible effect when
"git pull" does not create a merge commit. It simply
alters what gets written to .git/FETCH_HEAD, which is used
by "git merge" to automagically create its messages.
Signed-off-by: Andreas Ericsson <ae@op5.se>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'transport.c')
| -rw-r--r-- | transport.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/transport.c b/transport.c index 3dfb03c06e..8ad317bf32 100644 --- a/transport.c +++ b/transport.c @@ -1083,3 +1083,51 @@ int transport_disconnect(struct transport *transport) free(transport); return ret; } + +/* + * Strip username (and password) from an url and return + * it in a newly allocated string. + */ +char *transport_anonymize_url(const char *url) +{ + char *anon_url, *scheme_prefix, *anon_part; + size_t anon_len, prefix_len = 0; + + anon_part = strchr(url, '@'); + if (is_local(url) || !anon_part) + goto literal_copy; + + anon_len = strlen(++anon_part); + scheme_prefix = strstr(url, "://"); + if (!scheme_prefix) { + if (!strchr(anon_part, ':')) + /* cannot be "me@there:/path/name" */ + goto literal_copy; + } else { + const char *cp; + /* make sure scheme is reasonable */ + for (cp = url; cp < scheme_prefix; cp++) { + switch (*cp) { + /* RFC 1738 2.1 */ + case '+': case '.': case '-': + break; /* ok */ + default: + if (isalnum(*cp)) + break; + /* it isn't */ + goto literal_copy; + } + } + /* @ past the first slash does not count */ + cp = strchr(scheme_prefix + 3, '/'); + if (cp && cp < anon_part) + goto literal_copy; + prefix_len = scheme_prefix - url + 3; + } + anon_url = xcalloc(1, 1 + prefix_len + anon_len); + memcpy(anon_url, url, prefix_len); + memcpy(anon_url + prefix_len, anon_part, anon_len); + return anon_url; +literal_copy: + return xstrdup(url); +} |