You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2016/01/04 13:41:39 UTC
[jira] [Commented] (MRELEASE-937) Git password is visible if commit
fails
[ https://issues.apache.org/jira/browse/MRELEASE-937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15081098#comment-15081098 ]
Michael Osipov commented on MRELEASE-937:
-----------------------------------------
Where is the bug?
> Git password is visible if commit fails
> ---------------------------------------
>
> Key: MRELEASE-937
> URL: https://issues.apache.org/jira/browse/MRELEASE-937
> Project: Maven Release Plugin
> Issue Type: Bug
> Components: Git
> Affects Versions: 2.5.2, 2.5.3
> Reporter: vishal sahasrabuddhe
> Priority: Critical
> Labels: security
>
> Git username and password is being visible during perform section when plugin tries to commit the file using SCM section repository.
> Here is the log.
> [INFO] Checking in modified POMs...
> [INFO] Executing: /bin/sh -c cd /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git add -- pom.xml
> [INFO] Working directory: /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git rev-parse --show-toplevel
> [INFO] Working directory: /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git status --porcelain .
> [INFO] Working directory: /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [WARNING] Ignoring unrecognized line: ?? pom.xml.releaseBackup
> [WARNING] Ignoring unrecognized line: ?? release.properties
> [WARNING] Ignoring unrecognized line: ?? target/
> [INFO] Executing: /bin/sh -c cd /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git commit --verbose -F /tmp/maven-scm-859671901.commit pom.xml
> [INFO] Working directory: /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git symbolic-ref HEAD
> [INFO] Working directory: /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git push https://releasebot:********@gitlab.something.com/sandbox/data-ingestion-dco.git refs/heads/master:refs/heads/master
> [INFO] Working directory: /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 8.856 s (Wall Clock)
> [INFO] Finished at: 2016-01-04T08:15:04+00:00
> [INFO] Final Memory: 17M/484M
> [INFO] ------------------------------------------------------------------------
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli) on project qubole_python: Unable to commit files
> [ERROR] Provider message:
> [ERROR] The git-push command failed.
> [ERROR] Command output:
> [ERROR] remote: Not Found
> [ERROR] fatal: repository 'https://releasebot:abc@123@gitlab.something.com/sandbox/data-ingestion-dco.git/' not found
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions, please read the following articles:
> So, i can see password "abc@123" here.
> I am using maven Apache Maven 3.3.9
> tried with maven release plugin 2.5.3 and 2.5.2 both but no luck.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)