Maven SCM / SCM-817

JGit provider exposes password if it contains special characters


Details

    Description

      The jgit provider attempts to mask the password:

      String password =
          StringUtils.isNotBlank( repository.getPassword() ) ? repository.getPassword().trim() : "no-pwd-defined";
      logger.info( "fetch url: " + repository.getFetchUrl().replace( password, "******" ) );
      logger.info( "push url: " + repository.getPushUrl().replace( password, "******" ) );

      (from
      https://github.com/apache/maven-scm/blob/maven-scm-1.9.4/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-jgit/src/main/java/org/apache/maven/scm/provider/git/jgit/command/JGitUtils.java#L134)

      However, the password in the fetchUrl/pushUrl is encoded, while the replacement string is not. If the password text changes as part of the encoding, the replace doesn't work. The new logic should be something like this:

      // requires java.net.URLEncoder and java.io.UnsupportedEncodingException
      String password =
          StringUtils.isNotBlank( repository.getPassword() ) ? repository.getPassword().trim() : "no-pwd-defined";
      try {
          // encode the password the same way it is encoded inside the fetch/push URL,
          // so that replace() below can actually find it
          password = URLEncoder.encode( password, "UTF-8" );
      } catch (UnsupportedEncodingException e) {
          // UTF-8 should be valid
          e.printStackTrace();
      }
      logger.info( "fetch url: " + repository.getFetchUrl().replace( password, "******" ) );
      logger.info( "push url: " + repository.getPushUrl().replace( password, "******" ) );

      This matches the way that the password is encoded when it is added to the URL:
      https://github.com/apache/maven-scm/blob/e59eec4e5f66a4bf34144a500899b2114b5e2e4e/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-git-commons/src/main/java/org/apache/maven/scm/provider/git/repository/GitScmProviderRepository.java#L297
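An added example (not code from Maven SCM or from the reporter) that compares the 1.9.4-style raw replace, the encoded replace proposed above, and a structure-based mask of the password slot in the URL's userinfo. The class name, method names, host, user and passwords are constructed for illustration; the third method is an assumption that goes beyond what the issue proposes.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.regex.Pattern;

// Added example, not Maven SCM code. All names and sample values are constructed.
public class MaskDemo {
    // Matches "user:password" directly after "://" and before "@". It keys on the URL
    // structure, so it does not need to know how the password was encoded.
    private static final Pattern USERINFO_PASSWORD =
        Pattern.compile("(?<=://)([^/@:]+):[^/@]*(?=@)");

    // Behaviour of the 1.9.4 snippet: replace the raw password text.
    static String maskRaw(String url, String password) {
        return url.replace(password, "******");
    }

    // The issue's proposal: encode the password the same way before replacing.
    static String maskEncoded(String url, String password)
            throws UnsupportedEncodingException {
        return url.replace(URLEncoder.encode(password, "UTF-8"), "******");
    }

    // Alternative (assumption, not from the issue): mask whatever is in the password slot.
    static String maskUserInfo(String url) {
        return USERINFO_PASSWORD.matcher(url).replaceAll("$1:******");
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed samples: the first survives encoding unchanged, the second does not.
        String[] passwords = { "secret", "p@ss w0rd!" };
        for (String password : passwords) {
            // Build the URL the way the issue describes: password encoded inside the URL.
            String url = "https://alice:" + URLEncoder.encode(password, "UTF-8")
                + "@git.example.invalid/repo.git";
            System.out.println("password:        " + password);
            System.out.println("raw replace:     " + maskRaw(url, password));
            System.out.println("encoded replace: " + maskEncoded(url, password));
            System.out.println("userinfo regex:  " + maskUserInfo(url));
        }
    }
}
```

With the password `secret`, all three methods mask correctly, which is why the defect goes unnoticed until a password contains characters that `URLEncoder` rewrites.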

            People

              olamy Olivier Lamy
              pmv Paul Vonnahme