credential: handle credential.<partial-URL>.<key> again

In the patches for CVE-2020-11008, the ability to specify credential
settings in the config for partial URLs got lost. For example, it used
to be possible to specify a credential helper for a specific protocol:

	[credential "https://"]
		helper = my-https-helper

Likewise, it used to be possible to configure settings for a specific
host, e.g.:

	[credential "dev.azure.com"]
		useHTTPPath = true

Let's reinstate this behavior.

While at it, increase the test coverage to document and verify the
behavior with a couple other categories of partial URLs.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Reviewed-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Johannes Schindelin 2020-04-24 11:49:52 +00:00 committed by Junio C Hamano
parent 6828e5972b
commit 9a121b0d22
2 changed files with 55 additions and 1 deletions

View File

@ -35,6 +35,10 @@ int credential_match(const struct credential *want,
#undef CHECK
}
static int credential_from_potentially_partial_url(struct credential *c,
const char *url);
static int credential_config_callback(const char *var, const char *value,
void *data)
{
@ -53,7 +57,13 @@ static int credential_config_callback(const char *var, const char *value,
char *url = xmemdupz(key, dot - key);
int matched;
credential_from_url(&want, url);
if (credential_from_potentially_partial_url(&want, url) < 0) {
warning(_("skipping credential lookup for key: %s"),
var);
credential_clear(&want);
free(url);
return 0;
}
matched = credential_match(&want, c);
credential_clear(&want);
@ -430,6 +440,12 @@ static int credential_from_url_1(struct credential *c, const char *url,
return 0;
}
static int credential_from_potentially_partial_url(struct credential *c,
const char *url)
{
return credential_from_url_1(c, url, 1, 0);
}
int credential_from_url_gently(struct credential *c, const char *url, int quiet)
{
return credential_from_url_1(c, url, 0, quiet);

View File

@ -448,4 +448,42 @@ test_expect_success 'credential system refuses to work with missing protocol' '
test_i18ncmp expect stderr
'
test_expect_success 'credential config with partial URLs' '
echo "echo password=yep" | write_script git-credential-yep &&
test_write_lines url=https://user@example.com/repo.git >stdin &&
for partial in \
example.com \
user@example.com \
https:// \
https://example.com \
https://example.com/ \
https://user@example.com \
https://user@example.com/ \
https://example.com/repo.git \
https://user@example.com/repo.git \
/repo.git
do
git -c credential.$partial.helper=yep \
credential fill <stdin >stdout &&
grep yep stdout ||
return 1
done &&
for partial in \
dont.use.this \
http:// \
/repo
do
git -c credential.$partial.helper=yep \
credential fill <stdin >stdout &&
! grep yep stdout ||
return 1
done &&
git -c credential.$partial.helper=yep \
-c credential.with%0anewline.username=uh-oh \
credential fill <stdin >stdout 2>stderr &&
test_i18ngrep "skipping credential lookup for key" stderr
'
test_done