From 05af074f7d6f66ce400241e869e623eb72b85c01 Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Mon, 4 Jun 2018 18:47:16 +0300
Subject: Fix mrrepo script to filter out remote URL credentials from
 diagnostics

---
 server/mrrepo | 35 +++++++++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 8 deletions(-)

(limited to 'server/mrrepo')

diff --git a/server/mrrepo b/server/mrrepo
index aae1e54..029ce35 100755
--- a/server/mrrepo
+++ b/server/mrrepo
@@ -134,10 +134,13 @@ function field () # <line> <num> [<name>]
 }
 
 # Collect new repositories (in the new array) and while at it fix up remote
-# URLs with credentials (in the remotes map).
+# URLs with credentials (in the auth_remotes map). Note that we still save
+# original remote URLs to use them for diagnostics not to expose credentials
+# (think about cron job diagnostics sent by email).
 #
 new=()
-declare -A remotes
+declare -A orig_remotes
+declare -A auth_remotes
 
 while read l || [ -n "$l" ]; do
   r=$(field "$l" 1 'path')
@@ -149,6 +152,8 @@ while read l || [ -n "$l" ]; do
   # Note that currently we only support adding credentials for https URLs.
   #
   if [ -n "$u" ]; then
+    orig_remotes["$r"]="$u"
+
     for p in "${!credentials[@]}"; do
       if [[ "$u" == "$p"* ]]; then
         c="${credentials[$p]}"
@@ -157,7 +162,7 @@ while read l || [ -n "$l" ]; do
       fi
     done
 
-    remotes["$r"]="$u"
+    auth_remotes["$r"]="$u"
   fi
 done < <(sed -e '/^\s*#/d;/^\s*$/d;s/\s\s*/ /g' manifest)
 
@@ -201,17 +206,31 @@ for r in "${new[@]}"; do
 
   # Mirror to the remote URL, if present.
   #
-  u="${remotes[$r]}"
-  if [ -n "$u" ]; then
+  au="${auth_remotes[$r]}"
+  if [ -n "$au" ]; then
+    cmd=( git -C "$r" push "${git_ops[@]}" --mirror "$au" )
+
+    # Note that in the verbose mode, for troubleshooting, we still print the
+    # URLs that possibly contain credentials.
+    #
     if [ "$verb" -ge 1 ]; then
-      info "remote URL $u for repository $r, pushing"
-      info git -C "$r" push "${git_ops[@]}" --mirror "$u"
+      info "remote URL $au for repository $r, pushing"
+      info "${cmd[@]}"
     fi
 
     # Disable prompting for username/password if credentials are missing for
     # the remote URL and fail instead.
     #
-    GIT_TERMINAL_PROMPT=0 git -C "$r" push "${git_ops[@]}" --mirror "$u"
+    # If the remote URL differs from the original one then it contains
+    # credentials. It may potentially appear in git's STDERR, so we replace all
+    # its occurrences with the original one, not containing credentials.
+    #
+    ou="${orig_remotes[$r]}"
+    if [ "$au" != "$ou" ]; then
+      GIT_TERMINAL_PROMPT=0 "${cmd[@]}" 2>&1 | sed "s%$au%$ou%g" >&2
+    else
+      GIT_TERMINAL_PROMPT=0 "${cmd[@]}"
+    fi
   fi
 done
 
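Review bot: The `sed "s%$au%$ou%g"` filter in the credentialed branch treats the URL as a regular expression and uses `%` as the delimiter, so a percent-encoded username or password (or a `[`, `*` or `\` in it) either breaks the sed expression or stops the pattern from matching. Git's stderr is then lost or passes through with the credentials still in it. An `&` in the original URL would likewise be expanded by sed to the matched, credential-bearing text. A literal replacement done in bash avoids both problems, as sketched below. Separately, the pipeline returns sed's status rather than git's unless `pipefail` is enabled outside this hunk, so a failed push may go unnoticed on this branch; checking `${PIPESTATUS[0]}` right after the pipeline would preserve the failure.

```shell
    if [ "$au" != "$ou" ]; then
      # Quoting the pattern makes bash match the URL literally, and quoting
      # the replacement keeps any '&' in the original URL literal as well.
      GIT_TERMINAL_PROMPT=0 "${cmd[@]}" 2>&1 |
        while IFS= read -r ln || [ -n "$ln" ]; do
          ln=${ln//"$au"/"$ou"}
          printf '%s\n' "$ln"
        done >&2
    # … unchanged: else branch running the command without filtering …
```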
-- 
cgit v1.1