# HG changeset patch # User Marcin Kuzminski # Date 2016-11-30 16:08:19 # Node ID 859d7a10721b4f10977bdcc2814d08d8c282ff3e # Parent 76a3f0e8db71a8a7c0248d2b4d342c8309640ac7 remote-clones: make sure we always use obfuscated url inside logs. This prevents leaking some secrets into logging data. Fixes #4668 diff --git a/vcsserver/git.py b/vcsserver/git.py --- a/vcsserver/git.py +++ b/vcsserver/git.py @@ -37,7 +37,7 @@ from vcsserver import exceptions, settin from vcsserver.utils import safe_str from vcsserver.base import RepoFactory from vcsserver.hgcompat import ( - hg_url, httpbasicauthhandler, httpdigestauthhandler) + hg_url as url_parser, httpbasicauthhandler, httpdigestauthhandler) DIR_STAT = stat.S_IFDIR @@ -152,7 +152,7 @@ class GitRemote(object): def _build_opener(self, url): handlers = [] - url_obj = hg_url(url) + url_obj = url_parser(url) _, authinfo = url_obj.authinfo() if authinfo: @@ -167,10 +167,11 @@ class GitRemote(object): @reraise_safe_exceptions def check_url(self, url, config): - url_obj = hg_url(url) + url_obj = url_parser(url) test_uri, _ = url_obj.authinfo() url_obj.passwd = '*****' cleaned_uri = str(url_obj) + log.info("Checking URL for remote cloning/import: %s", cleaned_uri) if not test_uri.endswith('info/refs'): test_uri = test_uri.rstrip('/') + '/info/refs' @@ -184,12 +185,14 @@ class GitRemote(object): req = urllib2.Request(cu, None, {}) try: + log.debug("Trying to open URL %s", cleaned_uri) resp = o.open(req) if resp.code != 200: - raise Exception('Return Code is not 200') + raise exceptions.URLError('Return Code is not 200') except Exception as e: + log.warning("URL cannot be opened: %s", cleaned_uri, exc_info=True) # means it cannot be cloned - raise urllib2.URLError("[%s] org_exc: %s" % (cleaned_uri, e)) + raise exceptions.URLError("[%s] org_exc: %s" % (cleaned_uri, e)) # now detect if it's proper git repo gitdata = resp.read() 
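Review bot: Only the password field is masked before `cleaned_uri` is built (`url_obj.passwd = '*****'`) in `GitRemote.check_url`, and `HgRemote.check_url` in vcsserver/hg.py (hunk at -321) uses the same pattern. A secret carried elsewhere in the URL, such as a token supplied as the user name or in the query string, would still reach the new `log.info` call. Since both functions repeat the same two lines, one shared helper returning the log-safe form would keep the masking policy in a single place; at minimum add a comment such as `# NOTE: masks the password only; user name and query string are logged as given`. A regression test that calls check_url with a credential-bearing URL and asserts the password is absent from the captured log records would pin down what this commit intends. Both function bodies continue outside their hunks.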
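Review bot: The exception text still passes through unfiltered in the `except` block of `GitRemote.check_url` (hunk at -184): `raise exceptions.URLError("[%s] org_exc: %s" % (cleaned_uri, e))` formats `e` into the message, and the added `log.warning(..., exc_info=True)` writes the full traceback. If the underlying opener error embeds the request URL, the credentials can still reach the log or the caller even though the message itself uses `cleaned_uri`. The same applies to the matching `except` blocks of `HgRemote.check_url` (hunks at -351 and -367 in vcsserver/hg.py), where `httppeer(...)` is still called with the raw `url` and its exception is formatted into the error. Whether urllib2 or Mercurial put the URL into their exception messages is not visible here, so confirm it and record the result next to the raise, e.g. `# NOTE(review): e may embed the unmasked URL; confirm before formatting it into the message`. The try block starts outside the hunk.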
@@ -199,7 +202,7 @@ class GitRemote(object): # old style git can return some other format ! pass else: - raise urllib2.URLError( + raise exceptions.URLError( "url [%s] does not look like an git" % (cleaned_uri,)) return True @@ -327,7 +330,7 @@ class GitRemote(object): if url != 'default' and '://' not in url: client = LocalGitClient(url) else: - url_obj = hg_url(url) + url_obj = url_parser(url) o = self._build_opener(url) url, _ = url_obj.authinfo() client = HttpGitClient(base_url=url, opener=o) diff --git a/vcsserver/hg.py b/vcsserver/hg.py --- a/vcsserver/hg.py +++ b/vcsserver/hg.py @@ -30,11 +30,11 @@ from mercurial import unionrepo from vcsserver import exceptions from vcsserver.base import RepoFactory from vcsserver.hgcompat import ( - archival, bin, clone, config as hgconfig, diffopts, hex, hg_url, - httpbasicauthhandler, httpdigestauthhandler, httppeer, localrepository, - match, memctx, exchange, memfilectx, nullrev, patch, peer, revrange, ui, - Abort, LookupError, RepoError, RepoLookupError, InterventionRequired, - RequirementError) + archival, bin, clone, config as hgconfig, diffopts, hex, + hg_url as url_parser, httpbasicauthhandler, httpdigestauthhandler, + httppeer, localrepository, match, memctx, exchange, memfilectx, nullrev, + patch, peer, revrange, ui, Abort, LookupError, RepoError, RepoLookupError, + InterventionRequired, RequirementError) log = logging.getLogger(__name__) @@ -321,16 +321,16 @@ class HgRemote(object): @reraise_safe_exceptions def check_url(self, url, config): - log.info("Checking URL for remote cloning/import: %s", url) _proto = None if '+' in url[:url.find('://')]: _proto = url[0:url.find('+')] url = url[url.find('+') + 1:] handlers = [] - url_obj = hg_url(url) + url_obj = url_parser(url) test_uri, authinfo = url_obj.authinfo() url_obj.passwd = '*****' cleaned_uri = str(url_obj) + log.info("Checking URL for remote cloning/import: %s", cleaned_uri) if authinfo: # create a password manager 
@@ -351,12 +351,12 @@ class HgRemote(object): req = urllib2.Request(cu, None, {}) try: - log.debug("Trying to open URL %s", url) + log.debug("Trying to open URL %s", cleaned_uri) resp = o.open(req) if resp.code != 200: raise exceptions.URLError('Return Code is not 200') except Exception as e: - log.warning("URL cannot be opened: %s", url, exc_info=True) + log.warning("URL cannot be opened: %s", cleaned_uri, exc_info=True) # means it cannot be cloned raise exceptions.URLError("[%s] org_exc: %s" % (cleaned_uri, e)) @@ -367,15 +367,17 @@ class HgRemote(object): else: # check for pure hg repos log.debug( - "Verifying if URL is a Mercurial repository: %s", url) + "Verifying if URL is a Mercurial repository: %s", + cleaned_uri) httppeer(make_ui_from_config(config), url).lookup('tip') except Exception as e: - log.warning("URL is not a valid Mercurial repository: %s", url) + log.warning("URL is not a valid Mercurial repository: %s", + cleaned_uri) raise exceptions.URLError( "url [%s] does not look like an hg repo org_exc: %s" % (cleaned_uri, e)) - log.info("URL is a valid Mercurial repository: %s", url) + log.info("URL is a valid Mercurial repository: %s", cleaned_uri) return True @reraise_safe_exceptions