credential: handle credential.<partial-URL>.<key>
again
In the patches for CVE-2020-11008, the ability to specify credential settings in the config for partial URLs got lost. For example, it used to be possible to specify a credential helper for a specific protocol: [credential "https://"] helper = my-https-helper Likewise, it used to be possible to configure settings for a specific host, e.g.: [credential "dev.azure.com"] useHTTPPath = true Let's reinstate this behavior. While at it, increase the test coverage to document and verify the behavior with a couple other categories of partial URLs. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Reviewed-by: Carlo Marcelo Arenas Belón <carenas@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
6828e5972b
commit
9a121b0d22
18
credential.c
18
credential.c
@ -35,6 +35,10 @@ int credential_match(const struct credential *want,
|
||||
#undef CHECK
|
||||
}
|
||||
|
||||
|
||||
static int credential_from_potentially_partial_url(struct credential *c,
|
||||
const char *url);
|
||||
|
||||
static int credential_config_callback(const char *var, const char *value,
|
||||
void *data)
|
||||
{
|
||||
@ -53,7 +57,13 @@ static int credential_config_callback(const char *var, const char *value,
|
||||
char *url = xmemdupz(key, dot - key);
|
||||
int matched;
|
||||
|
||||
credential_from_url(&want, url);
|
||||
if (credential_from_potentially_partial_url(&want, url) < 0) {
|
||||
warning(_("skipping credential lookup for key: %s"),
|
||||
var);
|
||||
credential_clear(&want);
|
||||
free(url);
|
||||
return 0;
|
||||
}
|
||||
matched = credential_match(&want, c);
|
||||
|
||||
credential_clear(&want);
|
||||
@ -430,6 +440,12 @@ static int credential_from_url_1(struct credential *c, const char *url,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int credential_from_potentially_partial_url(struct credential *c,
|
||||
const char *url)
|
||||
{
|
||||
return credential_from_url_1(c, url, 1, 0);
|
||||
}
|
||||
|
||||
int credential_from_url_gently(struct credential *c, const char *url, int quiet)
|
||||
{
|
||||
return credential_from_url_1(c, url, 0, quiet);
|
||||
|
@ -448,4 +448,42 @@ test_expect_success 'credential system refuses to work with missing protocol' '
|
||||
test_i18ncmp expect stderr
|
||||
'
|
||||
|
||||
test_expect_success 'credential config with partial URLs' '
|
||||
echo "echo password=yep" | write_script git-credential-yep &&
|
||||
test_write_lines url=https://user@example.com/repo.git >stdin &&
|
||||
for partial in \
|
||||
example.com \
|
||||
user@example.com \
|
||||
https:// \
|
||||
https://example.com \
|
||||
https://example.com/ \
|
||||
https://user@example.com \
|
||||
https://user@example.com/ \
|
||||
https://example.com/repo.git \
|
||||
https://user@example.com/repo.git \
|
||||
/repo.git
|
||||
do
|
||||
git -c credential.$partial.helper=yep \
|
||||
credential fill <stdin >stdout &&
|
||||
grep yep stdout ||
|
||||
return 1
|
||||
done &&
|
||||
|
||||
for partial in \
|
||||
dont.use.this \
|
||||
http:// \
|
||||
/repo
|
||||
do
|
||||
git -c credential.$partial.helper=yep \
|
||||
credential fill <stdin >stdout &&
|
||||
! grep yep stdout ||
|
||||
return 1
|
||||
done &&
|
||||
|
||||
git -c credential.$partial.helper=yep \
|
||||
-c credential.with%0anewline.username=uh-oh \
|
||||
credential fill <stdin >stdout 2>stderr &&
|
||||
test_i18ngrep "skipping credential lookup for key" stderr
|
||||
'
|
||||
|
||||
test_done
|
||||
|
Loading…
Reference in New Issue
Block a user