fetch-pack: redact packfile urls in traces
In some setups, packfile uris act as bearer token. It is not recommended to expose them plainly in logs, although in special circunstances (e.g. debug) it makes sense to write them. Redact the packfile URL paths by default, unless the GIT_TRACE_REDACT variable is set to false. This mimics the redacting of the Authorization header in HTTP. Signed-off-by: Ivan Frade <ifrade@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
e9e5ba39a7
commit
88e9b1e3fc
@ -832,8 +832,9 @@ for full details.
|
||||
|
||||
`GIT_TRACE_REDACT`::
|
||||
By default, when tracing is activated, Git redacts the values of
|
||||
cookies, the "Authorization:" header, and the "Proxy-Authorization:"
|
||||
header. Set this variable to `0` to prevent this redaction.
|
||||
cookies, the "Authorization:" header, the "Proxy-Authorization:"
|
||||
header and packfile URIs. Set this variable to `0` to prevent this
|
||||
redaction.
|
||||
|
||||
`GIT_LITERAL_PATHSPECS`::
|
||||
Setting this variable to `1` will cause Git to treat all
|
||||
|
@ -1653,8 +1653,13 @@ static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
|
||||
receive_wanted_refs(&reader, sought, nr_sought);
|
||||
|
||||
/* get the pack(s) */
|
||||
if (git_env_bool("GIT_TRACE_REDACT", 1))
|
||||
reader.options |= PACKET_READ_REDACT_URI_PATH;
|
||||
if (process_section_header(&reader, "packfile-uris", 1))
|
||||
receive_packfile_uris(&reader, &packfile_uris);
|
||||
/* We don't expect more URIs. Reset to avoid expensive URI check. */
|
||||
reader.options &= ~PACKET_READ_REDACT_URI_PATH;
|
||||
|
||||
process_section_header(&reader, "packfile", 0);
|
||||
|
||||
/*
|
||||
|
40
pkt-line.c
40
pkt-line.c
@ -370,6 +370,32 @@ int packet_length(const char lenbuf_hex[4])
|
||||
return (val < 0) ? val : (val << 8) | hex2chr(lenbuf_hex + 2);
|
||||
}
|
||||
|
||||
static char *find_packfile_uri_path(const char *buffer)
|
||||
{
|
||||
const char *URI_MARK = "://";
|
||||
char *path;
|
||||
int len;
|
||||
|
||||
/* First char is sideband mark */
|
||||
buffer += 1;
|
||||
|
||||
len = strspn(buffer, "0123456789abcdefABCDEF");
|
||||
/* size of SHA1 and SHA256 hash */
|
||||
if (!(len == 40 || len == 64) || buffer[len] != ' ')
|
||||
return NULL; /* required "<hash>SP" not seen */
|
||||
|
||||
path = strstr(buffer + len + 1, URI_MARK);
|
||||
if (!path)
|
||||
return NULL;
|
||||
|
||||
path = strchr(path + strlen(URI_MARK), '/');
|
||||
if (!path || !*(path + 1))
|
||||
return NULL;
|
||||
|
||||
/* position after '/' */
|
||||
return ++path;
|
||||
}
|
||||
|
||||
enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
|
||||
size_t *src_len, char *buffer,
|
||||
unsigned size, int *pktlen,
|
||||
@ -377,6 +403,7 @@ enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
|
||||
{
|
||||
int len;
|
||||
char linelen[4];
|
||||
char *uri_path_start;
|
||||
|
||||
if (get_packet_data(fd, src_buffer, src_len, linelen, 4, options) < 0) {
|
||||
*pktlen = -1;
|
||||
@ -427,7 +454,18 @@ enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
|
||||
len--;
|
||||
|
||||
buffer[len] = 0;
|
||||
packet_trace(buffer, len, 0);
|
||||
if (options & PACKET_READ_REDACT_URI_PATH &&
|
||||
(uri_path_start = find_packfile_uri_path(buffer))) {
|
||||
const char *redacted = "<redacted>";
|
||||
struct strbuf tracebuf = STRBUF_INIT;
|
||||
strbuf_insert(&tracebuf, 0, buffer, len);
|
||||
strbuf_splice(&tracebuf, uri_path_start - buffer,
|
||||
strlen(uri_path_start), redacted, strlen(redacted));
|
||||
packet_trace(tracebuf.buf, tracebuf.len, 0);
|
||||
strbuf_release(&tracebuf);
|
||||
} else {
|
||||
packet_trace(buffer, len, 0);
|
||||
}
|
||||
|
||||
if ((options & PACKET_READ_DIE_ON_ERR_PACKET) &&
|
||||
starts_with(buffer, "ERR "))
|
||||
|
@ -87,6 +87,7 @@ void packet_fflush(FILE *f);
|
||||
#define PACKET_READ_CHOMP_NEWLINE (1u<<1)
|
||||
#define PACKET_READ_DIE_ON_ERR_PACKET (1u<<2)
|
||||
#define PACKET_READ_GENTLE_ON_READ_ERROR (1u<<3)
|
||||
#define PACKET_READ_REDACT_URI_PATH (1u<<4)
|
||||
int packet_read(int fd, char *buffer, unsigned size, int options);
|
||||
|
||||
/*
|
||||
|
@ -1107,6 +1107,57 @@ test_expect_success 'packfile-uri with transfer.fsckobjects fails when .gitmodul
|
||||
test_i18ngrep "disallowed submodule name" err
|
||||
'
|
||||
|
||||
test_expect_success 'packfile-uri path redacted in trace' '
|
||||
P="$HTTPD_DOCUMENT_ROOT_PATH/http_parent" &&
|
||||
rm -rf "$P" http_child log &&
|
||||
|
||||
git init "$P" &&
|
||||
git -C "$P" config "uploadpack.allowsidebandall" "true" &&
|
||||
|
||||
echo my-blob >"$P/my-blob" &&
|
||||
git -C "$P" add my-blob &&
|
||||
git -C "$P" commit -m x &&
|
||||
|
||||
git -C "$P" hash-object my-blob >objh &&
|
||||
git -C "$P" pack-objects "$HTTPD_DOCUMENT_ROOT_PATH/mypack" <objh >packh &&
|
||||
git -C "$P" config --add \
|
||||
"uploadpack.blobpackfileuri" \
|
||||
"$(cat objh) $(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" &&
|
||||
|
||||
GIT_TRACE_PACKET="$(pwd)/log" \
|
||||
git -c protocol.version=2 \
|
||||
-c fetch.uriprotocols=http,https \
|
||||
clone "$HTTPD_URL/smart/http_parent" http_child &&
|
||||
|
||||
grep -F "clone< \\1$(cat packh) $HTTPD_URL/<redacted>" log
|
||||
'
|
||||
|
||||
test_expect_success 'packfile-uri path not redacted in trace when GIT_TRACE_REDACT=0' '
|
||||
P="$HTTPD_DOCUMENT_ROOT_PATH/http_parent" &&
|
||||
rm -rf "$P" http_child log &&
|
||||
|
||||
git init "$P" &&
|
||||
git -C "$P" config "uploadpack.allowsidebandall" "true" &&
|
||||
|
||||
echo my-blob >"$P/my-blob" &&
|
||||
git -C "$P" add my-blob &&
|
||||
git -C "$P" commit -m x &&
|
||||
|
||||
git -C "$P" hash-object my-blob >objh &&
|
||||
git -C "$P" pack-objects "$HTTPD_DOCUMENT_ROOT_PATH/mypack" <objh >packh &&
|
||||
git -C "$P" config --add \
|
||||
"uploadpack.blobpackfileuri" \
|
||||
"$(cat objh) $(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" &&
|
||||
|
||||
GIT_TRACE_PACKET="$(pwd)/log" \
|
||||
GIT_TRACE_REDACT=0 \
|
||||
git -c protocol.version=2 \
|
||||
-c fetch.uriprotocols=http,https \
|
||||
clone "$HTTPD_URL/smart/http_parent" http_child &&
|
||||
|
||||
grep -F "clone< \\1$(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" log
|
||||
'
|
||||
|
||||
test_expect_success 'http:// --negotiate-only' '
|
||||
SERVER="$HTTPD_DOCUMENT_ROOT_PATH/server" &&
|
||||
URI="$HTTPD_URL/smart/server" &&
|
||||
|
Loading…
Reference in New Issue
Block a user