subrepo: mask out passwords embedded in the messages displaying a URL stable
authorMatt Harbison <matt_harbison@yahoo.com>
Tue, 11 Sep 2018 13:52:17 -0400
branchstable
changeset 39547 41ac8ea1bdd7
parent 39455 6af7765bdb7c
child 39622 20dbca581727
child 39799 f28812c708a5
subrepo: mask out passwords embedded in the messages displaying a URL I noticed the password in maintenance logs for the "no changes since last push" and "pushing to" messages when pushing with an explicit path. But the test case here with :pushurl was also affected. I didn't see that cloning or pulling subrepos on demand had this problem, but it seems safer to just mask that too. There's a bit of a disconnect here, because it looks like clone is slicing off the password (makes sense not to store it in the hgrc in cleartext). But not shearing it off of an explicit path causes the subrepo not to realize that it already pushed the latest stuff. This is the easiest fix, however.
mercurial/subrepo.py
tests/test-subrepo-relative-path.t
--- a/mercurial/subrepo.py	Wed Sep 05 16:39:47 2018 -0400
+++ b/mercurial/subrepo.py	Tue Sep 11 13:52:17 2018 -0400
@@ -655,7 +655,7 @@
                     shareopts = {}
 
                 self.ui.status(_('cloning subrepo %s from %s\n')
-                               % (subrelpath(self), srcurl))
+                               % (subrelpath(self), util.hidepassword(srcurl)))
                 other, cloned = hg.clone(self._repo._subparent.baseui, {},
                                          other, self._repo.root,
                                          update=False, shareopts=shareopts)
@@ -664,7 +664,7 @@
             self._cachestorehash(srcurl)
         else:
             self.ui.status(_('pulling subrepo %s from %s\n')
-                           % (subrelpath(self), srcurl))
+                           % (subrelpath(self), util.hidepassword(srcurl)))
             cleansub = self.storeclean(srcurl)
             exchange.pull(self._repo, other)
             if cleansub:
@@ -735,10 +735,10 @@
             if self.storeclean(dsturl):
                 self.ui.status(
                     _('no changes made to subrepo %s since last push to %s\n')
-                    % (subrelpath(self), dsturl))
+                    % (subrelpath(self), util.hidepassword(dsturl)))
                 return None
         self.ui.status(_('pushing subrepo %s to %s\n') %
-            (subrelpath(self), dsturl))
+            (subrelpath(self), util.hidepassword(dsturl)))
         other = hg.peer(self._repo, {'ssh': ssh}, dsturl)
         res = exchange.push(self._repo, other, force, newbranch=newbranch)
 
--- a/tests/test-subrepo-relative-path.t	Wed Sep 05 16:39:47 2018 -0400
+++ b/tests/test-subrepo-relative-path.t	Tue Sep 11 13:52:17 2018 -0400
@@ -39,7 +39,7 @@
 
 Clone main from hgweb
 
-  $ hg clone "http://localhost:$HGPORT/main" cloned
+  $ hg clone "http://user:pass@localhost:$HGPORT/main" cloned
   requesting all changes
   adding changesets
   adding manifests
@@ -47,7 +47,7 @@
   added 1 changesets with 3 changes to 3 files
   new changesets fdfeeb3e979e
   updating to branch default
-  cloning subrepo sub from http://localhost:$HGPORT/sub
+  cloning subrepo sub from http://user@localhost:$HGPORT/sub
   requesting all changes
   adding changesets
   adding manifests
@@ -60,21 +60,28 @@
 
   $ cat > cloned/.hg/hgrc << EOF
   > [paths]
-  > default:pushurl = http://localhost:$HGPORT/main
+  > default:pushurl = http://user:pass@localhost:$HGPORT/main
   > EOF
 
   $ hg -R cloned out -S --config paths.default=bogus://invalid
-  comparing with http://localhost:$HGPORT/main
+  comparing with http://user:***@localhost:$HGPORT/main
   searching for changes
   no changes found
-  comparing with http://localhost:$HGPORT/sub
+  comparing with http://user:***@localhost:$HGPORT/sub
   searching for changes
   no changes found
   [1]
 
+TODO: Figure out why, if the password is left out of the default:pushurl URL,
+this says "no changes made to subrepo sub since last push".  It looks like from
+the original clone command above, the password is getting stripped off, not
+just masked out, and that would make the hashed URL different.
+
   $ hg -R cloned push --config paths.default=bogus://invalid
-  pushing to http://localhost:$HGPORT/main
-  no changes made to subrepo sub since last push to http://localhost:$HGPORT/sub
+  pushing to http://user:***@localhost:$HGPORT/main
+  pushing subrepo sub to http://user:***@localhost:$HGPORT/sub
+  searching for changes
+  no changes found
   searching for changes
   no changes found
   abort: HTTP Error 403: ssl required