Uploaded image for project: 'Maven SCM'
  1. Maven SCM
  2. SCM-817

Jgit provider exposes password if it contains special characters

    Details

      Description

      The jgit provider attempts to mask the password:

      String password =
                  StringUtils.isNotBlank( repository.getPassword() ) ? repository.getPassword().trim() : "no-pwd-defined";
      logger.info( "fetch url: " + repository.getFetchUrl().replace( password, "******" ) );
      logger.info( "push url: " + repository.getPushUrl().replace( password, "******" ) );
      

      from
      https://github.com/apache/maven-scm/blob/maven-scm-1.9.4/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L134

      However, the password in the fetchUrl/pushUrl is encoded, while the replacement is not. If the password text changes as part of the encoding the replace doesn't work. The new logic should be something like this:

      String password =
                  StringUtils.isNotBlank( repository.getPassword() ) ? repository.getPassword().trim() : "no-pwd-defined";
      try {
          password = URLEncoder.encode( password, "UTF-8" );
      } catch (UnsupportedEncodingException e) {
          // UTF-8 should be valid
          e.printStackTrace();
      }
      logger.info( "fetch url: " + repository.getFetchUrl().replace( password, "******" ) );
      logger.info( "push url: " + repository.getPushUrl().replace( password, "******" ) );
      

      To match the way that the password is encoded when it is added to the URL:
      https://github.com/apache/maven-scm/blob/e59eec4e5f66a4bf34144a500899b2114b5e2e4e/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-git-commons/src/main/java/org/apache/maven/scm/provider/git/repository/GitScmProviderRepository.java#L297

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                olamy Olivier Lamy (*$^¨%`£)
                Reporter:
                pmv Paul Vonnahme
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: