From 39c2c8c30ae83a3d8b893ef8cbb0046a53968c80 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Tue, 21 Jun 2016 11:01:09 +0100 Subject: [PATCH] Add test for password escaping --- src/Composer/Util/ProcessExecutor.php | 4 ++-- tests/Composer/Test/Util/ProcessExecutorTest.php | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/Composer/Util/ProcessExecutor.php b/src/Composer/Util/ProcessExecutor.php index 709dcedd5..ec1b9a3db 100644 --- a/src/Composer/Util/ProcessExecutor.php +++ b/src/Composer/Util/ProcessExecutor.php @@ -45,11 +45,11 @@ class ProcessExecutor { if ($this->io && $this->io->isDebug()) { $safeCommand = preg_replace_callback('{(://)(?P[^:/\s]+):(?P[^@\s/]+)}i', function ($m) { - if (preg_match('{^[a-f0-9]{12,}$}', $m[2])) { + if (preg_match('{^[a-f0-9]{12,}$}', $m['user'])) { return '://***:***'; } - return '://'.$m[2].':***'; + return '://'.$m['user'].':***'; }, $command); $this->io->writeError('Executing command ('.($cwd ?: 'CWD').'): '.$safeCommand); } diff --git a/tests/Composer/Test/Util/ProcessExecutorTest.php b/tests/Composer/Test/Util/ProcessExecutorTest.php index b15a2763f..101b0b710 100644 --- a/tests/Composer/Test/Util/ProcessExecutorTest.php +++ b/tests/Composer/Test/Util/ProcessExecutorTest.php @@ -14,6 +14,8 @@ namespace Composer\Test\Util; use Composer\Util\ProcessExecutor; use Composer\TestCase; +use Composer\IO\BufferIO; +use Symfony\Component\Console\Output\StreamOutput; class ProcessExecutorTest extends TestCase { @@ -48,6 +50,14 @@ class ProcessExecutorTest extends TestCase ProcessExecutor::setTimeout(60); } + public function testHidePasswords() + { + $process = new ProcessExecutor($buffer = new BufferIO('', StreamOutput::VERBOSITY_DEBUG)); + $process->execute('echo https://foo:bar@example.org/ && echo http://foo@example.org && echo http://abcdef1234567890234578:x-oauth-token@github.com/', $output); + + $this->assertEquals('Executing command (CWD): echo https://foo:***@example.org/ && echo http://foo@example.org && echo http://***:***@github.com/', trim($buffer->getOutput())); + } + public function testSplitLines() { $process = new ProcessExecutor;