Mercurial > hg

diff mercurial/subrepo.py @ 39547:41ac8ea1bdd7 stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
subrepo: mask out passwords embedded in the messages displaying a URL I noticed the password in maintenance logs for the "no changes since last push" and "pushing to" messages when pushing with an explicit path. But the test case here with :pushurl was also affected. I didn't see that cloning or pulling subrepos on demand had this problem, but it seems safer to just mask that too. There's a bit of a disconnect here, because it looks like clone is slicing off the password (makes sense not to store it in the hgrc in cleartext). But not shearing it off of an explicit path causes the subrepo not to realize that it already pushed the latest stuff. This is the easiest fix, however.
author Matt Harbison <matt_harbison@yahoo.com>
date Tue, 11 Sep 2018 13:52:17 -0400
parents 760cc5dc01e8
children c31ce080eb75
line wrap: on
line diff
--- a/mercurial/subrepo.py	Wed Sep 05 16:39:47 2018 -0400
+++ b/mercurial/subrepo.py	Tue Sep 11 13:52:17 2018 -0400
@@ -655,7 +655,7 @@
                     shareopts = {}
 
                 self.ui.status(_('cloning subrepo %s from %s\n')
-                               % (subrelpath(self), srcurl))
+                               % (subrelpath(self), util.hidepassword(srcurl)))
                 other, cloned = hg.clone(self._repo._subparent.baseui, {},
                                          other, self._repo.root,
                                          update=False, shareopts=shareopts)
@@ -664,7 +664,7 @@
             self._cachestorehash(srcurl)
         else:
             self.ui.status(_('pulling subrepo %s from %s\n')
-                           % (subrelpath(self), srcurl))
+                           % (subrelpath(self), util.hidepassword(srcurl)))
             cleansub = self.storeclean(srcurl)
             exchange.pull(self._repo, other)
             if cleansub:
@@ -735,10 +735,10 @@
             if self.storeclean(dsturl):
                 self.ui.status(
                     _('no changes made to subrepo %s since last push to %s\n')
-                    % (subrelpath(self), dsturl))
+                    % (subrelpath(self), util.hidepassword(dsturl)))
                 return None
         self.ui.status(_('pushing subrepo %s to %s\n') %
-            (subrelpath(self), dsturl))
+            (subrelpath(self), util.hidepassword(dsturl)))
         other = hg.peer(self._repo, {'ssh': ssh}, dsturl)
         res = exchange.push(self._repo, other, force, newbranch=newbranch)