http-fetch: redact url on die() message

http-fetch prints the URL after failing to fetch it. This can be
confusing to users (they cannot really do anything with it), and they
can share by accident a sensitive URL (e.g. with credentials) while
looking for help.

Redact the URL unless the GIT_TRACE_REDACT variable is set to false. This
mimics the redaction of other sensitive information in git, like the
Authorization header in HTTP.

Fix also capitalization of previous die() message (must start in
lowercase).

Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Ivan Frade 2021-11-10 23:51:29 +00:00 committed by Junio C Hamano
parent 88e9b1e3fc
commit 0ba558ffb1

View File

@ -4,6 +4,7 @@
#include "http.h"
#include "walker.h"
#include "strvec.h"
#include "urlmatch.h"
static const char http_fetch_usage[] = "git http-fetch "
"[-c] [-t] [-a] [-v] [--recover] [-w ref] [--stdin | --packfile=hash | commit-id] url";
@ -63,8 +64,17 @@ static void fetch_single_packfile(struct object_id *packfile_hash,
if (start_active_slot(preq->slot)) {
run_active_slot(preq->slot);
if (results.curl_result != CURLE_OK) {
die("Unable to get pack file %s\n%s", preq->url,
curl_errorstr);
struct url_info url;
char *nurl = url_normalize(preq->url, &url);
if (!nurl || !git_env_bool("GIT_TRACE_REDACT", 1)) {
die("unable to get pack file '%s'\n%s", preq->url,
curl_errorstr);
} else {
die("failed to get '%.*s' url from '%.*s' "
"(full URL redacted due to GIT_TRACE_REDACT setting)\n%s",
(int)url.scheme_len, url.url,
(int)url.host_len, &url.url[url.host_off], curl_errorstr);
}
}
} else {
die("Unable to start request");