From 708cb2c5e44febe1447c9df81fa7ea9127c83c6c Mon Sep 17 00:00:00 2001
From: et80225
Date: Fri, 10 Oct 2014 14:32:41 +0200
Subject: [PATCH 1/2] SCM-764 : Fix password displayed in cl.toString()
---
 .../gitexe/command/GitCommandLineUtils.java | 23 ++++++++-
 .../command/tag/AnonymousCommandLine.java | 50 +++++++++++++++++++
 .../git/gitexe/command/tag/GitTagCommand.java | 2 +-
 .../gitexe/command/tag/GitTagCommandTest.java | 18 ++++++-
 .../org/apache/maven/scm/ScmTestCase.java | 5 +-
 5 files changed, 93 insertions(+), 5 deletions(-)
 create mode 100644 maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java
index f0234b653..890c13e06 100644
--- a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java
@@ -21,6 +21,7 @@
 import org.apache.maven.scm.ScmException;
 import org.apache.maven.scm.log.ScmLogger;
+import org.apache.maven.scm.provider.git.gitexe.command.tag.AnonymousCommandLine;
 import org.codehaus.plexus.util.cli.CommandLineException;
 import org.codehaus.plexus.util.cli.CommandLineUtils;
 import org.codehaus.plexus.util.cli.Commandline;
@@ -90,6 +91,26 @@ public static Commandline getBaseGitCommandLine( File workingDirectory, String c
 Commandline cl = new Commandline();
+ composeCommandLine(workingDirectory, command, cl);
+
+ return cl;
+ }
+
+ public static Commandline getAnonymousBaseGitCommandLine( File workingDirectory, String command )
+ {
+ if ( command == null || command.length() == 0 )
+ {
+ return null;
+ }
+
+ Commandline cl = new AnonymousCommandLine();
+
+ composeCommandLine(workingDirectory, command, cl);
+
+ return cl;
+ }
+
+ private static void composeCommandLine(File workingDirectory, String command, Commandline cl) {
 cl.setExecutable( "git" );
 cl.createArg().setValue( command );
@@ -98,8 +119,6 @@ public static Commandline getBaseGitCommandLine( File workingDirectory, String c
 {
 cl.setWorkingDirectory( workingDirectory.getAbsolutePath() );
 }
-
- return cl;
 }
 public static int execute( Commandline cl, StreamConsumer consumer, CommandLineUtils.StringStreamConsumer stderr,
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java
new file mode 100644
index 000000000..4a0c46d06
--- /dev/null
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java
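Review bot: `getAnonymousBaseGitCommandLine` is a new public method without Javadoc, and its name promises more than the code shown delivers: the returned `AnonymousCommandLine` overrides only `toString()`, so the arguments still hold whatever URL the caller adds afterwards. I would state that contract on the method, for example `/** Same as getBaseGitCommandLine, but the result masks URL passwords in toString() only; the arguments passed to git are unchanged. Returns null when command is empty. */`. The new `composeCommandLine(File workingDirectory, String command, Commandline cl) {` line also departs from the formatting visible in the surrounding context (spaces inside the parentheses, opening brace on its own line). The same hunk recurs in patch 2/2.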
@@ -0,0 +1,50 @@
+package org.apache.maven.scm.provider.git.gitexe.command.tag;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.codehaus.plexus.util.cli.Commandline;
+
+public class AnonymousCommandLine extends Commandline
+{
+
+ private Pattern passwordPattern = Pattern.compile("^.*:(.*)@.*$");
+
+ /**
+ * Provides an anonymous output to mask password.
+ * Considering URL of type : <<protocol>>://<<user>>:<<password>>@<<host_definition>>
+ */
+ @Override
+ public String toString()
+ {
+ String output = super.toString();
+ final Matcher passwordMatcher = passwordPattern.matcher(output);
+ if (passwordMatcher.find())
+ {
+ // clear password
+ final String clearPassword = passwordMatcher.group(1);
+ // to be replaced in output by stars
+ output = output.replace(clearPassword, "********");
+ }
+ return output;
+ }
+}
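Review bot: The mask in `toString()` comes from the greedy pattern `^.*:(.*)@.*$` and is then applied with `output.replace(clearPassword, "********")` to the whole command line, so it can both miss the password and give hints about it. For a URL with a user but no password the group captures the text after the scheme colon (`//user`); when the host carries a port and a later argument contains `@`, the capture can start at the port colon and the real password stays in the log; and because every occurrence of the captured text is replaced, a password that also occurs elsewhere in the line shows up as extra star runs (an empty password puts stars between all characters). Anchoring the pattern to the `://user:password@` part of a URL and rewriting only the matched region avoids these cases, and the pattern can then be a `static final` constant instead of a per-instance field. The same class appears again in patch 2/2.

```java
    // anchored to the "://user:" prefix of a URL; everything up to the last '@' of the authority is masked
    private static final Pattern PASSWORD_PATTERN = Pattern.compile( "(://[^:/\\s]+:)[^/\\s]*@" );

    @Override
    public String toString()
    {
        // rewrite only the matched region, never other occurrences of the same text
        return PASSWORD_PATTERN.matcher( super.toString() ).replaceAll( "$1********@" );
    }
```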
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java
index daf95765f..faa869a30 100644
--- a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java
@@ -160,7 +160,7 @@ public static Commandline createCommandLine( GitScmProviderRepository repository
 public static Commandline createPushCommandLine( GitScmProviderRepository repository, ScmFileSet fileSet, String tag )
 throws ScmException
 {
- Commandline cl = GitCommandLineUtils.getBaseGitCommandLine( fileSet.getBasedir(), "push" );
+ Commandline cl = GitCommandLineUtils.getAnonymousBaseGitCommandLine( fileSet.getBasedir(), "push" );
 cl.createArg().setValue( repository.getPushUrl() );
 cl.createArg().setValue( "refs/tags/" + tag );
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java
index 68c475043..67673aca2 100644
--- a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java
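Review bot: The push URL is still added as a plain argument by `cl.createArg().setValue( repository.getPushUrl() )`, so only the string form of the command line is masked. The git process receives the credentials on its command line as before, and any code that logs `getShellCommandline()` or the arguments rather than `toString()` still prints them. A comment above the changed line would keep that visible to the next reader: `// toString() of this command line masks the URL password for logging; the argument passed to git is unchanged`. The body of `createPushCommandLine` continues past the end of the hunk.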
@@ -51,7 +51,6 @@ public void setUp()
 messageFileString = "-F " + path;
 }
-
 public void testCommandLineTag()
 throws Exception
 {
@@ -65,6 +64,23 @@ public void testCommandLineWithUsernameAndTag()
 "git tag " + messageFileString + " my-tag-1" );
 }
+ public void testPushCommandLineWithUsernameAndPassword()
+ throws Exception
+ {
+ String scmUrl="scm:git:https://user:password@foo.com/git/trunk";
+ String tag ="my-tag-1";
+ ScmRepository repository = getScmManager().makeScmRepository(scmUrl);
+ GitScmProviderRepository gitRepository = (GitScmProviderRepository) repository.getProviderRepository();
+ Commandline cl = GitTagCommand.createPushCommandLine( gitRepository, getScmFileSet(), tag );
+ assertCommandLine( "git push https://user:password@foo.com/git/trunk refs/tags/my-tag-1", null, cl );
+
+ String scmUrlFakeForTest="scm:git:https://user:******@foo.com/git/trunk";
+ repository = getScmManager().makeScmRepository( scmUrlFakeForTest );
+ gitRepository = (GitScmProviderRepository) repository.getProviderRepository();
+ Commandline clFakeForTest = GitTagCommand.createPushCommandLine( gitRepository, getScmFileSet(), tag );
+ assertEquals( cl.toString(),clFakeForTest.toString() );
+ }
+
 // ----------------------------------------------------------------------
 //
 // ----------------------------------------------------------------------
diff --git a/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java b/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java
index b83cd82e8..f848b4779 100644
--- a/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java
+++ b/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java
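Review bot: The second half of `testPushCommandLineWithUsernameAndPassword` only checks that two masked command lines are equal, so it never states what the logged line should look like and it covers a single URL shape. An explicit check such as `assertFalse( cl.toString().contains( "password" ) );` pins the property the fix is about. Further cases for a URL with a user but no password and for a host with a port would exercise the pattern in `AnonymousCommandLine` where it is most fragile. The rewritten test in patch 2/2 asserts the masked URL directly but has the same single-shape coverage.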
@@ -361,7 +361,10 @@ public void assertCommandLine( String expectedCommand, File expectedWorkingDirec
 {
 cl.setWorkingDirectory( expectedWorkingDirectory.getAbsolutePath() );
 }
- assertEquals( cl.toString(), actualCommand.toString() );
+
+ String expectedCommandLineAsExecuted = StringUtils.join( cl.getShellCommandline(), " " );
+ String actualCommandLineAsExecuted = StringUtils.join( actualCommand.getShellCommandline(), " " );
+ assertEquals( expectedCommandLineAsExecuted, actualCommandLineAsExecuted );
 }
 /**
From 666e37646f025a1e62c2956a7463229774286697 Mon Sep 17 00:00:00 2001
From: et80225
Date: Fri, 10 Oct 2014 14:32:41 +0200
Subject: [PATCH 2/2] SCM-764 : Fix password displayed in cl.toString()
---
 .../gitexe/command/GitCommandLineUtils.java | 23 ++++++++-
 .../command/tag/AnonymousCommandLine.java | 50 +++++++++++++++++++
 .../git/gitexe/command/tag/GitTagCommand.java | 6 +--
 .../gitexe/command/tag/GitTagCommandTest.java | 24 ++++++++-
 .../org/apache/maven/scm/ScmTestCase.java | 5 +-
 5 files changed, 101 insertions(+), 7 deletions(-)
 create mode 100644 maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java
index f0234b653..890c13e06 100644
--- a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/GitCommandLineUtils.java
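Review bot: The switch from `toString()` to the joined `getShellCommandline()` carries no comment, and the reason is not obvious from this helper alone. I would add `// compare the command as executed; toString() may be masked (see AnonymousCommandLine)` above the two new `String` lines. `StringUtils` is not imported in any visible hunk of this file, so it is presumably already in scope; it is worth confirming which `StringUtils` that is. The same hunk recurs in patch 2/2, and `assertCommandLine` starts before the hunk.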
@@ -21,6 +21,7 @@
 import org.apache.maven.scm.ScmException;
 import org.apache.maven.scm.log.ScmLogger;
+import org.apache.maven.scm.provider.git.gitexe.command.tag.AnonymousCommandLine;
 import org.codehaus.plexus.util.cli.CommandLineException;
 import org.codehaus.plexus.util.cli.CommandLineUtils;
 import org.codehaus.plexus.util.cli.Commandline;
@@ -90,6 +91,26 @@ public static Commandline getBaseGitCommandLine( File workingDirectory, String c
 Commandline cl = new Commandline();
+ composeCommandLine(workingDirectory, command, cl);
+
+ return cl;
+ }
+
+ public static Commandline getAnonymousBaseGitCommandLine( File workingDirectory, String command )
+ {
+ if ( command == null || command.length() == 0 )
+ {
+ return null;
+ }
+
+ Commandline cl = new AnonymousCommandLine();
+
+ composeCommandLine(workingDirectory, command, cl);
+
+ return cl;
+ }
+
+ private static void composeCommandLine(File workingDirectory, String command, Commandline cl) {
 cl.setExecutable( "git" );
 cl.createArg().setValue( command );
@@ -98,8 +119,6 @@ public static Commandline getBaseGitCommandLine( File workingDirectory, String c
 {
 cl.setWorkingDirectory( workingDirectory.getAbsolutePath() );
 }
-
- return cl;
 }
 public static int execute( Commandline cl, StreamConsumer consumer, CommandLineUtils.StringStreamConsumer stderr,
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java
new file mode 100644
index 000000000..4a0c46d06
--- /dev/null
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/AnonymousCommandLine.java
@@ -0,0 +1,50 @@
+package org.apache.maven.scm.provider.git.gitexe.command.tag;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.codehaus.plexus.util.cli.Commandline;
+
+public class AnonymousCommandLine extends Commandline
+{
+
+ private Pattern passwordPattern = Pattern.compile("^.*:(.*)@.*$");
+
+ /**
+ * Provides an anonymous output to mask password.
+ * Considering URL of type : <<protocol>>://<<user>>:<<password>>@<<host_definition>>
+ */
+ @Override
+ public String toString()
+ {
+ String output = super.toString();
+ final Matcher passwordMatcher = passwordPattern.matcher(output);
+ if (passwordMatcher.find())
+ {
+ // clear password
+ final String clearPassword = passwordMatcher.group(1);
+ // to be replaced in output by stars
+ output = output.replace(clearPassword, "********");
+ }
+ return output;
+ }
+}
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java
index daf95765f..3dca31a0d 100644
--- a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/main/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommand.java
@@ -102,7 +102,7 @@ public ScmResult executeTagCommand( ScmProviderRepository repo, ScmFileSet fileS
 if( repo.isPushChanges() )
 {
 // and now push the tag to the configured upstream repository
- Commandline clPush = createPushCommandLine( repository, fileSet, tag );
+ Commandline clPush = createPushCommandLine( repository, fileSet.getBasedir(), tag );
 exitCode = GitCommandLineUtils.execute( clPush, stdout, stderr, getLogger() );
 if ( exitCode != 0 )
@@ -157,10 +157,10 @@ public static Commandline createCommandLine( GitScmProviderRepository repository
 return cl;
 }
- public static Commandline createPushCommandLine( GitScmProviderRepository repository, ScmFileSet fileSet, String tag )
+ public static Commandline createPushCommandLine( GitScmProviderRepository repository, File workingDirectory, String tag )
 throws ScmException
 {
- Commandline cl = GitCommandLineUtils.getBaseGitCommandLine( fileSet.getBasedir(), "push" );
+ Commandline cl = GitCommandLineUtils.getAnonymousBaseGitCommandLine( workingDirectory, "push" );
 cl.createArg().setValue( repository.getPushUrl() );
 cl.createArg().setValue( "refs/tags/" + tag );
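Review bot: Changing the second parameter of the public static `createPushCommandLine` from `ScmFileSet fileSet` to `File workingDirectory` breaks any caller outside this file that was written against the old signature. Keeping the old form as a delegating overload avoids that: `public static Commandline createPushCommandLine( GitScmProviderRepository repository, ScmFileSet fileSet, String tag ) throws ScmException { return createPushCommandLine( repository, fileSet.getBasedir(), tag ); }`. The new signature also needs `java.io.File` in scope, and no import is added in the visible hunks of this file, so that is worth checking. The body of the method continues past the end of the hunk.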
diff --git a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java
index 68c475043..4f5437861 100644
--- a/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java
+++ b/maven-scm-providers/maven-scm-providers-git/maven-scm-provider-gitexe/src/test/java/org/apache/maven/scm/provider/git/gitexe/command/tag/GitTagCommandTest.java
@@ -25,6 +25,7 @@
 import org.codehaus.plexus.util.cli.Commandline;
 import java.io.File;
+import java.text.MessageFormat;
 /**
 * @author Mark Struberg
@@ -51,7 +52,6 @@ public void setUp()
 messageFileString = "-F " + path;
 }
-
 public void testCommandLineTag()
 throws Exception
 {
@@ -65,6 +65,28 @@ public void testCommandLineWithUsernameAndTag()
 "git tag " + messageFileString + " my-tag-1" );
 }
+ public void testPushCommandLineWithUsernameAndPassword()
+ throws Exception
+ {
+ final String scmProtocol = "scm:git:";
+
+ final String scmUrl = "https://user:password@foo.com/git/trunk";
+ final String tag = "my-tag-1";
+
+ final ScmRepository repository = getScmManager().makeScmRepository( scmProtocol.concat( scmUrl ) );
+ final GitScmProviderRepository gitRepository = (GitScmProviderRepository) repository.getProviderRepository();
+
+ final Commandline cl = GitTagCommand.createPushCommandLine( gitRepository, null, tag );
+
+ assertCommandLine( "git push https://user:password@foo.com/git/trunk refs/tags/my-tag-1", null, cl );
+
+ // Message that should appear in the output log as the result of toString()
+ final String scmUrlFakeForTest="https://user:********@foo.com/git/trunk";
+
+ assertTrue( MessageFormat.format( "The target log message should contain <{0}> but it contains <{1}>",
+ scmUrlFakeForTest, cl.toString() ), cl.toString().contains( scmUrlFakeForTest ) );
+ }
+
 // ----------------------------------------------------------------------
 //
 // ----------------------------------------------------------------------
diff --git a/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java b/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java
index b83cd82e8..f848b4779 100644
--- a/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java
+++ b/maven-scm-test/src/main/java/org/apache/maven/scm/ScmTestCase.java
@@ -361,7 +361,10 @@ public void assertCommandLine( String expectedCommand, File expectedWorkingDirec
 {
 cl.setWorkingDirectory( expectedWorkingDirectory.getAbsolutePath() );
 }
- assertEquals( cl.toString(), actualCommand.toString() );
+
+ String expectedCommandLineAsExecuted = StringUtils.join( cl.getShellCommandline(), " " );
+ String actualCommandLineAsExecuted = StringUtils.join( actualCommand.getShellCommandline(), " " );
+ assertEquals( expectedCommandLineAsExecuted, actualCommandLineAsExecuted );
 }
 /**