kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

Merge branch 'if/redact-packfile-uri' 

Redact the path part of packfile URI that appears in the trace output.

* if/redact-packfile-uri:
  http-fetch: redact url on die() message
  fetch-pack: redact packfile urls in traces
maint
Junio C Hamano 2021-12-10 14:35:04 -08:00
parent 23c83fc473 0ba558ffb1
commit b5e7f5e5b1
6 changed files with 111 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Documentation/git.txt
View File

@ -832,8 +832,9 @@ for full details.


`GIT_TRACE_REDACT`:: `GIT_TRACE_REDACT`::
By default, when tracing is activated, Git redacts the values of By default, when tracing is activated, Git redacts the values of
cookies, the "Authorization:" header, and the "Proxy-Authorization:" cookies, the "Authorization:" header, the "Proxy-Authorization:"
header. Set this variable to `0` to prevent this redaction. header and packfile URIs. Set this variable to `0` to prevent this
redaction.


`GIT_LITERAL_PATHSPECS`:: `GIT_LITERAL_PATHSPECS`::
Setting this variable to `1` will cause Git to treat all Setting this variable to `1` will cause Git to treat all

5
fetch-pack.c
View File

@ -1653,8 +1653,13 @@ static struct ref *do_fetch_pack_v2(struct fetch_pack_args *args,
receive_wanted_refs(&reader, sought, nr_sought); receive_wanted_refs(&reader, sought, nr_sought);


/* get the pack(s) */ /* get the pack(s) */
if (git_env_bool("GIT_TRACE_REDACT", 1))
reader.options |= PACKET_READ_REDACT_URI_PATH;
if (process_section_header(&reader, "packfile-uris", 1)) if (process_section_header(&reader, "packfile-uris", 1))
receive_packfile_uris(&reader, &packfile_uris); receive_packfile_uris(&reader, &packfile_uris);
/* We don't expect more URIs. Reset to avoid expensive URI check. */
reader.options &= ~PACKET_READ_REDACT_URI_PATH;

process_section_header(&reader, "packfile", 0); process_section_header(&reader, "packfile", 0);


/* /*

12
http-fetch.c
View File

@ -4,6 +4,7 @@
#include "http.h" #include "http.h"
#include "walker.h" #include "walker.h"
#include "strvec.h" #include "strvec.h"
#include "urlmatch.h"


static const char http_fetch_usage[] = "git http-fetch " static const char http_fetch_usage[] = "git http-fetch "
"[-c] [-t] [-a] [-v] [--recover] [-w ref] [--stdin | --packfile=hash | commit-id] url"; "[-c] [-t] [-a] [-v] [--recover] [-w ref] [--stdin | --packfile=hash | commit-id] url";
@ -63,8 +64,17 @@ static void fetch_single_packfile(struct object_id *packfile_hash,
if (start_active_slot(preq->slot)) { if (start_active_slot(preq->slot)) {
run_active_slot(preq->slot); run_active_slot(preq->slot);
if (results.curl_result != CURLE_OK) { if (results.curl_result != CURLE_OK) {
die("Unable to get pack file %s\n%s", preq->url, struct url_info url;
char *nurl = url_normalize(preq->url, &url);
if (!nurl || !git_env_bool("GIT_TRACE_REDACT", 1)) {
die("unable to get pack file '%s'\n%s", preq->url,
curl_errorstr); curl_errorstr);
} else {
die("failed to get '%.*s' url from '%.*s' "
"(full URL redacted due to GIT_TRACE_REDACT setting)\n%s",
(int)url.scheme_len, url.url,
(int)url.host_len, &url.url[url.host_off], curl_errorstr);
}
} }
} else { } else {
die("Unable to start request"); die("Unable to start request");

38
pkt-line.c
View File

@ -370,6 +370,32 @@ int packet_length(const char lenbuf_hex[4])
return (val < 0) ? val : (val << 8) | hex2chr(lenbuf_hex + 2); return (val < 0) ? val : (val << 8) | hex2chr(lenbuf_hex + 2);
} }


static char *find_packfile_uri_path(const char *buffer)
{
const char *URI_MARK = "://";
char *path;
int len;

/* First char is sideband mark */
buffer += 1;

len = strspn(buffer, "0123456789abcdefABCDEF");
/* size of SHA1 and SHA256 hash */
if (!(len == 40 || len == 64) || buffer[len] != ' ')
return NULL; /* required "<hash>SP" not seen */

path = strstr(buffer + len + 1, URI_MARK);
if (!path)
return NULL;

path = strchr(path + strlen(URI_MARK), '/');
if (!path || !*(path + 1))
return NULL;

/* position after '/' */
return ++path;
}

enum packet_read_status packet_read_with_status(int fd, char **src_buffer, enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
size_t *src_len, char *buffer, size_t *src_len, char *buffer,
unsigned size, int *pktlen, unsigned size, int *pktlen,
@ -377,6 +403,7 @@ enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
{ {
int len; int len;
char linelen[4]; char linelen[4];
char *uri_path_start;


if (get_packet_data(fd, src_buffer, src_len, linelen, 4, options) < 0) { if (get_packet_data(fd, src_buffer, src_len, linelen, 4, options) < 0) {
*pktlen = -1; *pktlen = -1;
@ -427,7 +454,18 @@ enum packet_read_status packet_read_with_status(int fd, char **src_buffer,
len--; len--;


buffer[len] = 0; buffer[len] = 0;
if (options & PACKET_READ_REDACT_URI_PATH &&
(uri_path_start = find_packfile_uri_path(buffer))) {
const char *redacted = "<redacted>";
struct strbuf tracebuf = STRBUF_INIT;
strbuf_insert(&tracebuf, 0, buffer, len);
strbuf_splice(&tracebuf, uri_path_start - buffer,
strlen(uri_path_start), redacted, strlen(redacted));
packet_trace(tracebuf.buf, tracebuf.len, 0);
strbuf_release(&tracebuf);
} else {
packet_trace(buffer, len, 0); packet_trace(buffer, len, 0);
}


if ((options & PACKET_READ_DIE_ON_ERR_PACKET) && if ((options & PACKET_READ_DIE_ON_ERR_PACKET) &&
starts_with(buffer, "ERR ")) starts_with(buffer, "ERR "))

1
pkt-line.h
View File

@ -87,6 +87,7 @@ void packet_fflush(FILE *f);
#define PACKET_READ_CHOMP_NEWLINE (1u<<1) #define PACKET_READ_CHOMP_NEWLINE (1u<<1)
#define PACKET_READ_DIE_ON_ERR_PACKET (1u<<2) #define PACKET_READ_DIE_ON_ERR_PACKET (1u<<2)
#define PACKET_READ_GENTLE_ON_READ_ERROR (1u<<3) #define PACKET_READ_GENTLE_ON_READ_ERROR (1u<<3)
#define PACKET_READ_REDACT_URI_PATH (1u<<4)
int packet_read(int fd, char *buffer, unsigned size, int options); int packet_read(int fd, char *buffer, unsigned size, int options);


/* /*

51
t/t5702-protocol-v2.sh
View File

@ -1107,6 +1107,57 @@ test_expect_success 'packfile-uri with transfer.fsckobjects fails when .gitmodul
test_i18ngrep "disallowed submodule name" err test_i18ngrep "disallowed submodule name" err
' '


test_expect_success 'packfile-uri path redacted in trace' '
P="$HTTPD_DOCUMENT_ROOT_PATH/http_parent" &&
rm -rf "$P" http_child log &&

git init "$P" &&
git -C "$P" config "uploadpack.allowsidebandall" "true" &&

echo my-blob >"$P/my-blob" &&
git -C "$P" add my-blob &&
git -C "$P" commit -m x &&

git -C "$P" hash-object my-blob >objh &&
git -C "$P" pack-objects "$HTTPD_DOCUMENT_ROOT_PATH/mypack" <objh >packh &&
git -C "$P" config --add \
"uploadpack.blobpackfileuri" \
"$(cat objh) $(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" &&

GIT_TRACE_PACKET="$(pwd)/log" \
git -c protocol.version=2 \
-c fetch.uriprotocols=http,https \
clone "$HTTPD_URL/smart/http_parent" http_child &&

grep -F "clone< \\1$(cat packh) $HTTPD_URL/<redacted>" log
'

test_expect_success 'packfile-uri path not redacted in trace when GIT_TRACE_REDACT=0' '
P="$HTTPD_DOCUMENT_ROOT_PATH/http_parent" &&
rm -rf "$P" http_child log &&

git init "$P" &&
git -C "$P" config "uploadpack.allowsidebandall" "true" &&

echo my-blob >"$P/my-blob" &&
git -C "$P" add my-blob &&
git -C "$P" commit -m x &&

git -C "$P" hash-object my-blob >objh &&
git -C "$P" pack-objects "$HTTPD_DOCUMENT_ROOT_PATH/mypack" <objh >packh &&
git -C "$P" config --add \
"uploadpack.blobpackfileuri" \
"$(cat objh) $(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" &&

GIT_TRACE_PACKET="$(pwd)/log" \
GIT_TRACE_REDACT=0 \
git -c protocol.version=2 \
-c fetch.uriprotocols=http,https \
clone "$HTTPD_URL/smart/http_parent" http_child &&

grep -F "clone< \\1$(cat packh) $HTTPD_URL/dumb/mypack-$(cat packh).pack" log
'

test_expect_success 'http:// --negotiate-only' ' test_expect_success 'http:// --negotiate-only' '
SERVER="$HTTPD_DOCUMENT_ROOT_PATH/server" && SERVER="$HTTPD_DOCUMENT_ROOT_PATH/server" &&
URI="$HTTPD_URL/smart/server" && URI="$HTTPD_URL/smart/server" &&