
Mask Git credentials in the error message (#10115)

pull/10150/head
Sergii Dolgushev 2021-10-02 19:30:21 +01:00 committed by GitHub
parent 28b2b5c0c9
commit 90d112d98a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions


@ -98,6 +98,7 @@ class Git
$command = call_user_func($commandCallable, $url); $command = call_user_func($commandCallable, $url);
$auth = null; $auth = null;
$credentials = array();
if ($bypassSshForGitHub || 0 !== $this->process->execute($command, $ignoredOutput, $cwd)) { if ($bypassSshForGitHub || 0 !== $this->process->execute($command, $ignoredOutput, $cwd)) {
$errorMsg = $this->process->getErrorOutput(); $errorMsg = $this->process->getErrorOutput();
// private github repository without ssh key access, try https with auth // private github repository without ssh key access, try https with auth
@ -121,6 +122,7 @@ class Git
return; return;
} }
$credentials = array(rawurlencode($auth['username']), rawurlencode($auth['password']));
$errorMsg = $this->process->getErrorOutput(); $errorMsg = $this->process->getErrorOutput();
} }
} elseif (preg_match('{^https://(bitbucket\.org)/(.*?)(?:\.git)?$}i', $url, $match)) { //bitbucket oauth } elseif (preg_match('{^https://(bitbucket\.org)/(.*?)(?:\.git)?$}i', $url, $match)) { //bitbucket oauth
@ -155,6 +157,7 @@ class Git
return; return;
} }
$credentials = array(rawurlencode($auth['username']), rawurlencode($auth['password']));
$errorMsg = $this->process->getErrorOutput(); $errorMsg = $this->process->getErrorOutput();
} else { // Falling back to ssh } else { // Falling back to ssh
$sshUrl = 'git@bitbucket.org:' . $match[2] . '.git'; $sshUrl = 'git@bitbucket.org:' . $match[2] . '.git';
@ -196,6 +199,7 @@ class Git
return; return;
} }
$credentials = array(rawurlencode($auth['username']), rawurlencode($auth['password']));
$errorMsg = $this->process->getErrorOutput(); $errorMsg = $this->process->getErrorOutput();
} }
} elseif ($this->isAuthenticationFailure($url, $match)) { // private non-github/gitlab/bitbucket repo that failed to authenticate } elseif ($this->isAuthenticationFailure($url, $match)) { // private non-github/gitlab/bitbucket repo that failed to authenticate
@ -236,6 +240,7 @@ class Git
return; return;
} }
$credentials = array(rawurlencode($auth['username']), rawurlencode($auth['password']));
$errorMsg = $this->process->getErrorOutput(); $errorMsg = $this->process->getErrorOutput();
} }
} }
@ -244,6 +249,10 @@ class Git
$this->filesystem->removeDirectory($origCwd); $this->filesystem->removeDirectory($origCwd);
} }
if (count($credentials) > 0) {
$command = $this->maskCredentials($command, $credentials);
$errorMsg = $this->maskCredentials($errorMsg, $credentials);
}
$this->throwException('Failed to execute ' . $command . "\n\n" . $errorMsg, $url); $this->throwException('Failed to execute ' . $command . "\n\n" . $errorMsg, $url);
} }
} }
@ -412,4 +421,23 @@ class Git
return self::$version; return self::$version;
} }
private function maskCredentials(string $error, array $credentials)
{
$maskedCredentials = array();
foreach ($credentials as $credential) {
if (in_array($credential, array('private-token', 'x-token-auth', 'oauth2', 'gitlab-ci-token', 'x-oauth-basic'))) {
$maskedCredentials[] = $credential;
} elseif (strlen($credential) > 6) {
$maskedCredentials[] = substr($credential, 0, 3) . '...' . substr($credential, -3);
} elseif (strlen($credential) > 3) {
$maskedCredentials[] = substr($credential, 0, 3) . '...';
} else {
$maskedCredentials[] = 'XXX';
}
}
return str_replace($credentials, $maskedCredentials, $error);
}
} }
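Review bot: maskCredentials() still prints part of every secret it masks: values longer than six characters keep their first and last three characters, and values of four to six characters keep their first three, so a seven-character password appears in the exception text with only one character hidden. The password or token has no diagnostic value in a "Failed to execute" message, so the two `strlen` branches could be dropped in favour of a fixed mask such as `$maskedCredentials[] = '***';` for every value outside the allow-list of well-known token usernames. The final `str_replace` also runs over the entire command and error output, so a short credential is replaced wherever the same substring occurs in unrelated text; a username of `git`, for instance, would turn the command name itself into `XXX`. Because only the `rawurlencode`d form is searched for, a credential that the error output shows in decoded form would presumably not be masked at all. `in_array` should be given `true` as its third argument so the allow-list comparison is strict.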