Put remove password in the utils and use it also in cmd.execute

mickours · mickours · commit f7968d136276 · 2021-03-15T18:00:05.000+01:00
diff --git a/git/cmd.py b/git/cmd.py
@@ -28,7 +28,7 @@
     is_win,
 )
 from git.exc import CommandError
-from git.util import is_cygwin_git, cygpath, expand_path
+from git.util import is_cygwin_git, cygpath, expand_path, remove_password_if_present
 
 from .exc import (
     GitCommandError,
@@ -682,8 +682,10 @@ def execute(self, command,
         :note:
            If you add additional keyword arguments to the signature of this method,
            you must update the execute_kwargs tuple housed in this module."""
+        # Remove password for the command if present
+        redacted_command = remove_password_if_present(command)
         if self.GIT_PYTHON_TRACE and (self.GIT_PYTHON_TRACE != 'full' or as_process):
-            log.info(' '.join(command))
+            log.info(' '.join(redacted_command))
 
         # Allow the user to have the command executed in their working dir.
         cwd = self._working_dir or os.getcwd()
diff --git a/git/repo/base.py b/git/repo/base.py
@@ -9,7 +9,6 @@
 import os
 import re
 import warnings
-from urllib.parse import urlsplit, urlunsplit
 
 from git.cmd import (
     Git,
@@ -27,7 +26,7 @@
 from git.objects import Submodule, RootModule, Commit
 from git.refs import HEAD, Head, Reference, TagReference
 from git.remote import Remote, add_progress, to_progress_instance
-from git.util import Actor, finalize_process, decygpath, hex_to_bin, expand_path
+from git.util import Actor, finalize_process, decygpath, hex_to_bin, expand_path, remove_password_if_present
 import os.path as osp
 
 from .fun import rev_parse, is_git_dir, find_submodule_git_dir, touch, find_worktree_git_dir
@@ -971,16 +970,8 @@ def _clone(cls, git, url, path, odb_default_type, progress, multi_options=None,
         else:
             (stdout, stderr) = proc.communicate()
             cmdline = getattr(proc, 'args', '')
-            uri = cmdline[-2]
-            try:
-                url = urlsplit(uri)
-                # Remove password from the URL if present
-                if url.password:
-                    edited_url = url._replace(
-                        netloc=url.netloc.replace(url.password, "****"))
-                    cmdline[-2] = urlunsplit(edited_url)
-            except ValueError:
-                log.debug("Unable to parse the URL %s", url)
+            cmdline = remove_password_if_present(cmdline)
+
             log.debug("Cmd(%s)'s unused stdout: %s", cmdline, stdout)
             finalize_process(proc, stderr=stderr)
 
diff --git a/git/util.py b/git/util.py
@@ -16,6 +16,7 @@
 from sys import maxsize
 import time
 from unittest import SkipTest
+from urllib.parse import urlsplit, urlunsplit
 
 from gitdb.util import (# NOQA @IgnorePep8
     make_sha,
@@ -338,6 +339,33 @@ def expand_path(p, expand_vars=True):
     except Exception:
         return None
 
+
+def remove_password_if_present(cmdline):
+    """
+    Parse any command line argument and if on of the element is an URL with a
+    password, replace it by stars.  If nothing found just returns a copy of the
+    command line as-is.
+
+    This should be used for every log line that print a command line.
+    """
+    redacted_cmdline = []
+    for to_parse in cmdline:
+        try:
+            url = urlsplit(to_parse)
+            # Remove password from the URL if present
+            if url.password is None:
+                raise ValueError()
+
+            edited_url = url._replace(
+                netloc=url.netloc.replace(url.password, "*****"))
+            redacted_cmdline.append(urlunsplit(edited_url))
+        except ValueError:
+            redacted_cmdline.append(to_parse)
+            # This is not a valid URL
+            pass
+    return redacted_cmdline
+
+
 #} END utilities
 
 #{ Classes
