1
0
Fork 0

Document GH token usage and also make sure we redact them in Process debug output, refs #9757

pull/9771/head
Jordi Boggiano 2021-03-09 21:37:43 +01:00
parent dc83ba93f3
commit 54889ca109
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
2 changed files with 4 additions and 1 deletions

View File

@ -125,6 +125,8 @@ abstract class BaseIO implements IOInterface, LoggerInterface
}
foreach ($githubOauth as $domain => $token) {
// allowed chars for GH tokens are from https://github.blog/changelog/2021-03-04-authentication-token-format-updates/
// plus dots which were at some point used for GH app integration tokens
if (!preg_match('{^[.A-Za-z0-9_]+$}', $token)) {
throw new \UnexpectedValueException('Your github oauth token for '.$domain.' contains invalid characters: "'.$token.'"');
}

View File

@ -45,7 +45,8 @@ class ProcessExecutor
{
if ($this->io && $this->io->isDebug()) {
$safeCommand = preg_replace_callback('{://(?P<user>[^:/\s]+):(?P<password>[^@\s/]+)@}i', function ($m) {
if (preg_match('{^[a-f0-9]{12,}$}', $m['user'])) {
// if the username looks like a long (12char+) hex string, or a modern github token (e.g. gp1_xxx) we obfuscate that
if (preg_match('{^([a-f0-9]{12,}|g[a-z]\d_[a-zA-Z0-9_]+)$}', $m['user'])) {
return '://***:***@';
}