Posted to dev@maven.apache.org by eddiewebb <gi...@git.apache.org> on 2016/02/06 16:18:32 UTC

[GitHub] maven-scm pull request: Resolves critical security bug SCM-811

GitHub user eddiewebb opened a pull request:

    https://github.com/apache/maven-scm/pull/45

    Resolves critical security bug SCM-811

    This PR addresses https://issues.apache.org/jira/browse/SCM-811 by allowing the shared ScmResult in the api module to mask known patterns.  Covers SVN and git patterns (which are the ones impacting us and likely most popular).
    
    Includes simple unit test to validate passwords aren't leaked.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Libertymutual/maven-scm SCM-811

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/maven-scm/pull/45.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #45
    
----
commit 8785b85e0d6273f88e7bd173c5d59d0e2c1148c2
Author: EDWARD WEBB <ed...@libertymutual.com>
Date:   2016-02-06T14:58:36Z

    #resolves SCM-811 by masking command output in ScmResult class used by all SCM operations

commit 9d009e8f14c0dff99c377b8991bdd59b519f0d33
Author: EDWARD WEBB <ed...@libertymutual.com>
Date:   2016-02-06T15:15:41Z

    Simple test for SCM-811 ensures output is masked

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
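
The masking described in the pull request above, sketched as an added example (not code from the pull request or from maven-scm). The class name `CommandOutputMasker`, both patterns (a password in URL userinfo as git commands carry it, and an svn-style `--password` option) and the sample lines are assumptions constructed for illustration.

```java
import java.util.regex.Pattern;

// Hypothetical helper, not the maven-scm ScmResult class: masks credentials in
// SCM command output before it is stored, logged or shown in a build report.
public class CommandOutputMasker {
    private static final String MASK = "****";

    // Assumed pattern: password in URL userinfo, e.g. https://user:secret@host/repo.git.
    // The password part is greedy up to the last '@' before the next '/' or whitespace,
    // so a password that itself contains '@' is masked whole. A host:port pair without
    // credentials has no '@' before the path and is left alone.
    private static final Pattern URL_PASSWORD =
        Pattern.compile("(\\w[\\w+.-]*://[^\\s/:@]+:)[^\\s/]+(?=@)");

    // Assumed pattern: svn-style option, "--password secret" or "--password=secret",
    // with the value optionally quoted.
    private static final Pattern PASSWORD_OPTION =
        Pattern.compile("(--password[ =])(\"[^\"]*\"|'[^']*'|\\S+)");

    public static String mask(String output) {
        if (output == null) {
            return null;
        }
        String masked = URL_PASSWORD.matcher(output).replaceAll("$1" + MASK);
        return PASSWORD_OPTION.matcher(masked).replaceAll("$1" + MASK);
    }

    public static void main(String[] args) {
        // Constructed sample lines, shaped like command lines echoed into build output.
        String[] samples = {
            "git push https://builduser:s3cr3t@git.example.com/app.git master",
            "git fetch https://builduser:p@ss@git.example.com/app.git",
            "svn checkout --username builduser --password s3cr3t https://svn.example.com/app",
            "git clone https://git.example.com:8443/app.git"  // no credentials: unchanged
        };
        for (String line : samples) {
            System.out.println(mask(line));
        }
    }
}
```

Masking at the point where the result object is built, rather than at each log call, means every consumer of the command output sees the redacted form.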


[GitHub] maven-scm pull request: Resolves critical security bug SCM-811

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/maven-scm/pull/45




[GitHub] maven-scm pull request: Resolves critical security bug SCM-811

Posted by eddiewebb <gi...@git.apache.org>.
Github user eddiewebb commented on a diff in the pull request:

    https://github.com/apache/maven-scm/pull/45#discussion_r64888411
  
    --- Diff: maven-scm-api/src/test/java/org/apache/maven/scm/ScmResultTest.java ---
    @@ -0,0 +1,47 @@
    +package org.apache.maven.scm;
    +
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +import junit.framework.TestCase;
    +import org.apache.maven.scm.provider.ScmUrlUtils;
    +
    +/**
    + * @author <a href="mailto:dennisl@apache.org">Dennis Lundberg</a>
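
Review bot: the `import org.apache.maven.scm.provider.ScmUrlUtils;` line just above the Javadoc looks like a carry-over from another test file, as the `@author` tag naming Dennis Lundberg does. The rest of the 47-line file is not shown in this excerpt, so confirm the test body actually calls ScmUrlUtils and drop the import if it does not; a test named ScmResultTest should not need it to check that ScmResult masks its output.
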
    --- End diff --
    
    removed.




[GitHub] maven-scm pull request: Resolves critical security bug SCM-811

Posted by olamy <gi...@git.apache.org>.
Github user olamy commented on a diff in the pull request:

    https://github.com/apache/maven-scm/pull/45#discussion_r64850637
  
    --- Diff: maven-scm-api/src/test/java/org/apache/maven/scm/ScmResultTest.java ---
    @@ -0,0 +1,47 @@
    +package org.apache.maven.scm;
    +
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +import junit.framework.TestCase;
    +import org.apache.maven.scm.provider.ScmUrlUtils;
    +
    +/**
    + * @author <a href="mailto:dennisl@apache.org">Dennis Lundberg</a>
    --- End diff --
    
    well I'm not sure about the author tag content




[GitHub] maven-scm pull request: Resolves critical security bug SCM-811

Posted by eddiewebb <gi...@git.apache.org>.
Github user eddiewebb commented on a diff in the pull request:

    https://github.com/apache/maven-scm/pull/45#discussion_r64887559
  
    --- Diff: maven-scm-api/src/test/java/org/apache/maven/scm/ScmResultTest.java ---
    @@ -0,0 +1,47 @@
    +package org.apache.maven.scm;
    +
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +
    +import junit.framework.TestCase;
    +import org.apache.maven.scm.provider.ScmUrlUtils;
    +
    +/**
    + * @author <a href="mailto:dennisl@apache.org">Dennis Lundberg</a>
    --- End diff --
    
    Whoops. I'll clean that up

