mobi/buildkit
1
0
Fork 0
mirror of https://github.com/moby/buildkit.git synced 2025-07-30 15:03:06 +03:00
Code Activity

git: add missing RedactCredentials call in cache description

Browse Source 
It's possible for a git url to contain encoded credentials - even though
this practice is not recommended. For safety, we attempt to censor the
credentials before putting them into cache descriptions and error
messages.

However, we were previously missing one of these, and we would put an
uncensored git url into the git checkout snapshot cache ref description.

Signed-off-by: Justin Chadwell <me@jedevc.com>
This commit is contained in:
Justin Chadwell
2023-11-07 10:38:41 +00:00
parent 25e9aa8d39
commit 6e86128d07
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/git/source.go
View File

@ -468,7 +468,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
}
}
checkoutRef, err := gs.cache.New(ctx, nil, g, cache.WithRecordType(client.UsageRecordTypeGitCheckout), cache.WithDescription(fmt.Sprintf("git snapshot for %s#%s", gs.src.Remote, ref)))
checkoutRef, err := gs.cache.New(ctx, nil, g, cache.WithRecordType(client.UsageRecordTypeGitCheckout), cache.WithDescription(fmt.Sprintf("git snapshot for %s#%s", urlutil.RedactCredentials(gs.src.Remote), ref)))
if err != nil {
return nil, errors.Wrapf(err, "failed to create new mutable for %s", urlutil.RedactCredentials(gs.src.Remote))
}