You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by bu...@apache.org on 2007/09/07 21:33:11 UTC
DO NOT REPLY [Bug 43330] New: - Proposal to hide password in AbstractCvsTask when showing failed command.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43330>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43330
Summary: Proposal to hide password in AbstractCvsTask when
showing failed command.
Product: Ant
Version: 1.7.0
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Core tasks
AssignedTo: dev@ant.apache.org
ReportedBy: dario.mx@gmail.com
Hallo,
I found more practical to include the password as part of the CVS url than using
the cvspass file (manually or through ant task). It works fine for me, but I am
a bit worried because when the command fails for some reason, the cvs task
prints a message like this:
-----------------------------------------------------------------------
checkout:
[cvs] Fatal error, aborting.
[cvs] dummyuser: no such user
BUILD FAILED
/tmp/.newdeploy/deployServer/chacaDeploy/scripts/deploy.xml:13: The following
error occurred while executing this line:
/tmp/.newdeploy/deployServer/chacaDeploy/scripts/deployCommon.xml:30: cvs exited
with error code 1
Command line was [Executing 'cvs' with arguments:
'-d:pserver:dummyuser:dummypwd@some.cvsserver.com:/usr/local/cvsroot'
'checkout'
'-P'
'pps_build/version'
'pps_build/chacaDeploy'
The ' characters around the executable and arguments are
not part of the command.
]
-----------------------------------------------------------------------
As you can see, the password is shown (given it was included in the CVS url). I
solved the problem by doing a little local hack, in order to hide the cvs
password (if it was there). I was thinking that it may be a good addition to the
code base. In general, is not useful not print the password ;-]
The change is the following (AbstractCvsTask.java):
In the runCommand method, I changed the section where the failure is printed
(the addition was only the call to hidePassword):
/*Throw an exception if cvs exited with error. (Iulian)*/
if (failOnError && Execute.isFailure(retCode)) {
throw new BuildException("cvs exited with error code "
+ retCode
+ StringUtils.LINE_SEP
+ "Command line was ["
+ hidePassword(actualCommandLine) + "]",
getLocation());
}
Where "hidePassword" is defined by:
/**
* Hides password from command line.
*
* It could the the case that a password in plain form was used as
* part of the CVS url; if that is the case, hide it by replacing
* with a dummy string.
*
* The pattern where the password can occurs is something like
* this:
*
* -d:pserver:user:pwd@cvs.server.com:/usr/local/cvsroot
*
* @param The CVS command line
*/
private String hidePassword(String cmd)
{
return
cmd.replaceAll("-d:([^:]+):([^:]+):([^:]+)@([^:]+):(.*)",
"-d:$1:$2:<hidden password>@$4:$5");
}
My boss does not like my hack, because it is not official ant release. Given
that, I will need to use cvs password file, but maybe in the near future ant
could have this addition?
Thanks in advance.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org
DO NOT REPLY [Bug 43330] - Proposal to hide password in AbstractCvsTask when showing failed command.
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43330>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43330
jkf@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From jkf@apache.org 2007-09-08 08:22 -------
Similar solution, that does not depend on jdk 1.4 introduced, password replaced
by asterisks.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org
DO NOT REPLY [Bug 43330] - Proposal to hide password in AbstractCvsTask when showing failed command.
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43330>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43330
jkf@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
Priority|P2 |P3
Target Milestone|--- |1.7.1
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org