But I would not bet that there are other methods of generating a _servicedata file which do not fail, and so the possibility of the credentials leaking is very high.
trivial fix:
Index: b/TarSCM/scm/git.py
===================================================================
--- a/TarSCM/scm/git.py
+++ b/TarSCM/scm/git.py
@@ -102,6 +102,7 @@ class Git(Scm):
def fetch_upstream_scm(self):
"""SCM specific version of fetch_uptream for git."""
+ url = self.url
self.auth_url()
# clone if no .git dir exists
command = self._get_scm_cmd() + ['clone', self.url, self.clone_dir]
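Review bot: Saving the URL in a local at the top of fetch_upstream_scm (`url = self.url` just before `self.auth_url()`) leaves self.url holding the credentials for the whole body of the function, so the fix only works if every exit path reaches the restore. It would be more robust for auth_url() to return the credentialed URL and leave self.url alone, with only the clone command using the returned value. The clone on the last line of this hunk still receives the credentialed URL, and git clone records the URL it is given as remote.origin.url in .git/config, so this change does not address the .git/config concern raised in the report.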
@@ -131,6 +132,7 @@ class Git(Scm):
self._get_scm_cmd() + ['checkout', self.revision],
cwd=self.clone_dir
)
+ self.url = url
def fetch_specific_revision(self):
if self.revision and not self._ref_exists(self.revision):
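Review bot: The restore `self.url = url` after the checkout call is only reached on the normal path; if anything between auth_url() and this line raises or returns early, self.url keeps the credentials and whatever reads it later sees them. Wrap the body that follows auth_url() in try/finally with the restore in the finally block, and add a test asserting that self.url is unchanged after fetch_upstream_scm, including the case where the command fails.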
However, it needs to be investigated whether the "package-meta" feature will also leak the credentials in .git/config.
auth_url modifies self.url and adds credentials.
Later, self.url is used to read / write _servicedata, e.g. when changesgenerate is enabled.
Right now, luckily, this fails with
The generated _servicedata has url=https://user:passwort@github.my.instance/my-project/my-package
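A check for the leak described in this report, as an added example (not code from the issue or from the tar_scm project): it scans a _servicedata document for url params that carry userinfo and reports them with the credentials removed. The XML layout and the helper names `strip_userinfo` and `find_credentialed_urls` are assumptions; the sample is constructed around the URL quoted in the report.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

# Constructed sample. The layout (servicedata/service/param name="url") is an
# assumption about the _servicedata format; the URL is the one quoted above.
SAMPLE_SERVICEDATA = """<servicedata>
  <service name="tar_scm">
    <param name="url">https://user:passwort@github.my.instance/my-project/my-package</param>
    <param name="changesrevision">0123456789abcdef</param>
  </service>
</servicedata>"""


def strip_userinfo(url):
    """Return url without the user[:password]@ part of its authority."""
    parts = urlsplit(url)
    # Userinfo is everything before the last '@' in the authority component.
    _userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        # No userinfo. scp-style remotes (git@host:path) have no '//' authority
        # and also end up here unchanged; they name an ssh user, not a secret.
        return url
    return urlunsplit(
        (parts.scheme, hostport, parts.path, parts.query, parts.fragment)
    )


def find_credentialed_urls(servicedata_xml):
    """List (service name, redacted url) for each url param with userinfo.

    Only the redacted form is returned so that the report produced by this
    check does not itself repeat the secret.
    """
    hits = []
    root = ET.fromstring(servicedata_xml)
    for service in root.iter("service"):
        for param in service.iter("param"):
            value = (param.text or "").strip()
            if param.get("name") == "url" and strip_userinfo(value) != value:
                hits.append((service.get("name"), strip_userinfo(value)))
    return hits


if __name__ == "__main__":
    for name, redacted in find_credentialed_urls(SAMPLE_SERVICEDATA):
        print("credentials in url param of service %s: %s" % (name, redacted))
```

Run against generated _servicedata files before they are committed, a non-empty result means the stored URL must be rewritten and the exposed credential rotated.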