Censor credentials possibly present in Git remote URIs when pulls fail because of a URI mismatch

Summary: Fixes T12945. Test Plan: Mostly faked this, got a censored error: ``` $ ./bin/repository update R38 [2017-07-31 19:40:13] EXCEPTION: (Exception) Working copy at "/Users/epriestley/dev/core/repo/local/38/" has a mismatched origin URI, "https://********@example.com/". The expected origin URI is "https://github.com/phacility/libphutil.git". Fix your configuration, or set the remote URI correctly. To avoid breaking anything, Phabricator will not automatically fix this. at [<phabricator>/src/applications/repository/engine/PhabricatorRepositoryEngine.php:186] ``` Reviewers: chad Reviewed By: chad Maniphest Tasks: T12945 Differential Revision: https://secure.phabricator.com/D18304
2024-11-22 14:52:41 +01:00 · 2017-07-31 09:40:29 -07:00 · 2017-07-31 09:40:29 -07:00 · a546b029b0
commit a546b029b0
parent 1b63a1bd43
1 changed files with 7 additions and 2 deletions
--- a/src/applications/repository/engine/PhabricatorRepositoryEngine.php
+++ b/src/applications/repository/engine/PhabricatorRepositoryEngine.php
@ -135,6 +135,11 @@ abstract class PhabricatorRepositoryEngine extends Phobject {
      $exists = true;
    }

+    // These URIs may have plaintext HTTP credentials. If they do, censor
+    // them for display. See T12945.
+    $display_remote = phutil_censor_credentials($remote_uri);
+    $display_expect = phutil_censor_credentials($expect_remote);
+
    if (!$valid) {
      if (!$exists) {
        // If there's no "origin" remote, just create it regardless of how
@ -172,8 +177,8 @@ abstract class PhabricatorRepositoryEngine extends Phobject {
            'set the remote URI correctly. To avoid breaking anything, '.
            'Phabricator will not automatically fix this.',
            $repository->getLocalPath(),
-            $remote_uri,
-            $expect_remote);
+            $display_remote,
+            $display_expect);
          throw new Exception($message);
        }
      }