Added code to ensure that passwords are not included in git.remote.origin.url #241

Merged
merged 1 commit into from Mar 26, 2016

@damnhandy
Contributor

damnhandy commented Mar 22, 2016

PR for issue #240

ceefour commented Mar 26, 2016

👍 this is a security issue

@@ -0,0 +1,54 @@
package pl.project13.maven.git;

@ktoso

ktoso Mar 26, 2016

Owner

missing license header, I'll add

/**
* Created by ryan on 3/21/16.
*/

@ktoso

ktoso Mar 26, 2016

Owner

I try to not include any @author or Created by since it goes somewhat against collective ownership of code (if there's still any left in the code - let's remove those as well).

I'll clean that up.

@Test
public void testHttpsUriWithUserInfoAndPassword() throws Exception {
String result = GitDataProvider.stripCredentialsFromOriginUrl("https://user:password@example.com");
assertEquals("https://user@example.com", result);
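
Review bot: The expected value in testHttpsUriWithUserInfoAndPassword, "https://user@example.com", keeps the user name in the URL; where a remote is configured with an access token in the user position, that value would still end up in git.remote.origin.url, so consider stripping the whole user-info component or documenting why the user name is retained. The test also exercises a single input shape: cases for a URL with no user info, a URL with a path after the host, and an scp-style remote such as git@example.com:repo.git would show that stripCredentialsFromOriginUrl leaves those unchanged and does not throw on input it cannot parse as a URI.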

@ktoso

ktoso Mar 26, 2016

Owner

👍

Owner

ktoso commented Mar 26, 2016

LGTM, thanks a lot for noticing and the fix - I would not have noticed as currently not using Maven in any of the projects I maintain (except this one).

I'll merge and cut a release shortly after today as you're right that it's a security issue.

@ktoso ktoso merged commit c2997b8 into ktoso:master Mar 26, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

Contributor

damnhandy commented Mar 26, 2016

Thanks for taking the change. This plugin is extremely useful to me and my teams. Interestingly, the core issue is really not in this plugin, but your code was easier to jump in and make a fix. It's well organized and has great test cases.

Owner

ktoso commented Mar 26, 2016

> This plugin is extremely useful to me and my teams. Interestingly, the core issue is really not in this plugin, but your code was easier to jump in and make a fix. It's well organized and has great test cases.

I'm very glad to hear that. Yeah, it's not really our fault but let's clean up the problem since we can.

Thanks a lot for the PR!
I've released 2.2.1 with this fix - it'll be on central soon.

@TheSnoozer TheSnoozer added this to the 2.2.1 milestone Sep 23, 2017
