You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spark.apache.org by gu...@apache.org on 2021/02/03 06:03:15 UTC

[spark] branch master updated: [SPARK-34327][BUILD] Strip passwords from inlining into build information while releasing

This is an automated email from the ASF dual-hosted git repository.

gurwls223 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 89bf2af  [SPARK-34327][BUILD] Strip passwords from inlining into build information while releasing
89bf2af is described below

commit 89bf2afb3337a44f34009a36cae16dd0ff86b353
Author: Prashant Sharma <pr...@in.ibm.com>
AuthorDate: Wed Feb 3 15:02:35 2021 +0900

    [SPARK-34327][BUILD] Strip passwords from inlining into build information while releasing
    
    ### What changes were proposed in this pull request?
    
    Strip passwords from getting inlined into build information, inadvertently.
    
    ` https://user:passdomain/foo -> https://domain/foo`
    
    ### Why are the changes needed?
    This can be a serious security issue, esp. during a release.
    
    ### Does this PR introduce _any_ user-facing change?
    
    No.
    
    ### How was this patch tested?
    
    Tested by executing the following command on both Mac OSX and Ubuntu.
    
    ```
    echo url=$(git config --get remote.origin.url |  sed 's|https://\(.*\)\(.*\)|https://\2|')
    ```
    
    Closes #31436 from ScrapCodes/strip_pass.
    
    Authored-by: Prashant Sharma <pr...@in.ibm.com>
    Signed-off-by: HyukjinKwon <gu...@apache.org>
---
 build/spark-build-info | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/spark-build-info b/build/spark-build-info
index ad0ec67..eb0e3d7 100755
--- a/build/spark-build-info
+++ b/build/spark-build-info
@@ -32,7 +32,7 @@ echo_build_properties() {
   echo revision=$(git rev-parse HEAD)
   echo branch=$(git rev-parse --abbrev-ref HEAD)
   echo date=$(date -u +%Y-%m-%dT%H:%M:%SZ)
-  echo url=$(git config --get remote.origin.url)
+  echo url=$(git config --get remote.origin.url |  sed 's|https://\(.*\)@\(.*\)|https://\2|')
 }
 
 echo_build_properties $2 > "$SPARK_BUILD_INFO"


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org