Posted to commits@maven.apache.org by mi...@apache.org on 2018/04/02 19:53:31 UTC
[maven-scm] 01/01: [SCM-763] Password masking for svnexe does not
handle all cases
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch SCM-763
in repository https://gitbox.apache.org/repos/asf/maven-scm.git
commit 16ab07c11ee86ede650cebb3fa6242ef5e96e5ca
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Mon Apr 2 21:51:57 2018 +0200
[SCM-763] Password masking for svnexe does not handle all cases
---
.../svn/svnexe/command/SvnCommandLineUtils.java | 49 +++++++++++----
.../svnexe/command/SvnCommandLineUtilsTest.java | 70 ++++++++++++++++++++++
2 files changed, 107 insertions(+), 12 deletions(-)
diff --git a/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/main/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtils.java b/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/main/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtils.java
index cf98f4a..3caf982 100644
--- a/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/main/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtils.java
+++ b/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/main/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtils.java
@@ -107,25 +107,25 @@ public final class SvnCommandLineUtils
cl.createArg().setValue( SvnUtil.getSettings().getConfigDirectory() );
}
- boolean hasAuthInfo = false;
+ boolean hasAuthInfo = false;
if ( repository != null && !StringUtils.isEmpty( repository.getUser() ) )
{
- hasAuthInfo = true;
+ hasAuthInfo = true;
cl.createArg().setValue( "--username" );
cl.createArg().setValue( repository.getUser() );
}
if ( repository != null && !StringUtils.isEmpty( repository.getPassword() ) )
{
- hasAuthInfo = true;
+ hasAuthInfo = true;
cl.createArg().setValue( "--password" );
cl.createArg().setValue( repository.getPassword() );
}
- // [by Lenik] don't overwrite existing auth cache by default.
- if ( hasAuthInfo && !SvnUtil.getSettings().isUseAuthCache() )
+ // [by Lenik] don't overwrite existing auth cache by default.
+ if ( hasAuthInfo && !SvnUtil.getSettings().isUseAuthCache() )
{
- cl.createArg().setValue( "--no-auth-cache" );
+ cl.createArg().setValue( "--no-auth-cache" );
}
if ( SvnUtil.getSettings().isUseNonInteractive() )
@@ -222,21 +222,46 @@ public final class SvnCommandLineUtils
{
String clString = cl.toString();
- int pos = clString.indexOf( "--password" );
+ final String PASSWORD_ARG = "--password ";
+
+ int pos = clString.indexOf( PASSWORD_ARG );
if ( pos > 0 )
{
- String beforePassword = clString.substring( 0, pos + "--password ".length() );
- String afterPassword = clString.substring( pos + "--password ".length() );
- afterPassword = afterPassword.substring( afterPassword.indexOf( ' ' ) );
+ String beforePassword = clString.substring( 0, pos + PASSWORD_ARG.length() );
+ String afterPassword = clString.substring( pos + PASSWORD_ARG.length() );
if ( Os.isFamily( Os.FAMILY_WINDOWS ) )
{
- clString = beforePassword + "*****" + afterPassword;
+ // FIXME Plexus Utils does not escape double qoutes in password
+ if ( afterPassword.startsWith( "\"" ) )
+ {
+ afterPassword = afterPassword.substring ( afterPassword.indexOf( '"', 1 ) + 1 );
+ }
+ else
+ {
+ afterPassword = afterPassword.substring( afterPassword.indexOf( ' ' ) );
+ }
}
else
{
- clString = beforePassword + "'*****'" + afterPassword;
+ // Here does Plexus the right thing
+ if ( afterPassword.startsWith( "'" ) )
+ {
+ pos = 1;
+ while ( afterPassword.indexOf( "'\\''", pos ) != -1 )
+ {
+ pos = afterPassword.indexOf( "'\\''", pos ) + 4;
+ }
+ afterPassword = afterPassword.substring ( afterPassword.indexOf( '\'', pos ) + 1 );
+ }
+ else
+ {
+ afterPassword = afterPassword.substring( afterPassword.indexOf( ' ' ) );
+ }
}
+
+ clString = beforePassword + "*****" + afterPassword;
+
}
return clString;
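Review bot: The masking fails open when the end of the password token is not found: in the quoted branches `afterPassword.indexOf( '"', 1 ) + 1` and `afterPassword.indexOf( '\'', pos ) + 1` evaluate to 0 on a miss, so `substring` keeps the whole remainder and the password is printed right after `*****`. The unquoted branches still call `afterPassword.substring( afterPassword.indexOf( ' ' ) )`, which throws `StringIndexOutOfBoundsException` if `--password` is the last argument; the conditional `--no-auth-cache` / `--non-interactive` options in the first hunk suggest that can happen. Check the index first and drop the remainder on a miss, e.g. `int end = afterPassword.indexOf( ' ' );` `afterPassword = end < 0 ? "" : afterPassword.substring( end );`, with the same guard on the two quote searches. The method's signature lies outside this hunk.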
diff --git a/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/test/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtilsTest.java b/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/test/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtilsTest.java
index f3a7f8a..ceaf227 100644
--- a/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/test/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtilsTest.java
+++ b/maven-scm-providers/maven-scm-providers-svn/maven-scm-provider-svnexe/src/test/java/org/apache/maven/scm/provider/svn/svnexe/command/SvnCommandLineUtilsTest.java
@@ -21,8 +21,11 @@ package org.apache.maven.scm.provider.svn.svnexe.command;
import org.apache.maven.scm.ScmTestCase;
import org.apache.maven.scm.provider.svn.repository.SvnScmProviderRepository;
+import org.codehaus.plexus.util.Os;
import org.codehaus.plexus.util.cli.Commandline;
+import static org.junit.Assert.assertNotEquals;
+
import java.io.File;
/**
@@ -48,5 +51,72 @@ public class SvnCommandLineUtilsTest
SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
assertCommandLine( "svn --username username --no-auth-cache --non-interactive", new File( "." ),
SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password with spaces" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ assertEquals( expectedCmd.toString(), clString );
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password'with'single'quotes" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ assertEquals( expectedCmd.toString(), clString );
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password'with'single'quotes and spaces" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ assertEquals( expectedCmd.toString(), clString );
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password\"with\"double\"quotes" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ assertEquals( expectedCmd.toString(), clString );
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password\"with\"double\"quotes and spaces" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ // FIXME https://github.com/codehaus-plexus/plexus-utils/issues/36
+ if ( Os.isFamily( Os.FAMILY_WINDOWS ) )
+ {
+ assertNotEquals( expectedCmd.toString(), clString );
+ }
+ else {
+ assertEquals( expectedCmd.toString(), clString );
+ }
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password\"with\"double\"quotes'and'single'quotes" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ assertEquals( expectedCmd.toString(), clString );
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", "password\"with\"double\"quotes'and'single'quotes and spaces" );
+ clString =
+ SvnCommandLineUtils.cryptPassword( SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
+ expectedCmd = new Commandline( "svn --username username --password ***** --no-auth-cache --non-interactive" );
+ expectedCmd.setWorkingDirectory( new File( "." ).getAbsolutePath() );
+ // FIXME https://github.com/codehaus-plexus/plexus-utils/issues/36
+ if ( Os.isFamily( Os.FAMILY_WINDOWS ) )
+ {
+ assertNotEquals( expectedCmd.toString(), clString );
+ }
+ else {
+ assertEquals( expectedCmd.toString(), clString );
+ }
+
+ repo = new SvnScmProviderRepository( "https://svn.apache.org/repos/asf/maven/scm/trunk", "username", null );
+ assertCommandLine( "svn --username username --no-auth-cache --non-interactive", new File( "." ),
+ SvnCommandLineUtils.getBaseSvnCommandLine( new File( "." ), repo ) );
}
}
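Review bot: The two Windows branches, `assertNotEquals( expectedCmd.toString(), clString )`, pass for any string other than the expected one, so they put no bound on how much of the password is left in the masked output. From the `"`-handling in `cryptPassword` it looks as if everything after the first embedded double quote remains; a comment such as `// Windows: text after the first embedded double quote is not masked until plexus-utils#36 is fixed` above each branch would tell readers that this is a known leak rather than a passing case. Asserting the exact string produced today would also make any widening of the leak fail the test. The test method starts outside this hunk.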