Hello,
I often use svn_load_dirs.pl in a script to load several huge third
party libraries into our SVN repo. This repository uses LDAP
authentication with https and I do not want my password popping up at
times on the console executing the script (for several hours).
Hence my second patch, that hides the password printed to screen with
stars (*). It does that by passing the array of arguments containing
the password to a function sanitize_pwd before printing it. This
function searches for '--password' and hides the following word.
I digress a bit, but my scripts using svn_load_dirs.pl (themselves in
a SVN repo) ask for username/password so that they do not expose
sensitive information. Password is prompted either with `read -s` for
the bash script, or with this SO answer for the batch version:
http://stackoverflow.com/a/20343074/3628160
Please find my patch below. Besides defining sanitize_pwd and changing
the print call sites the attached version of the patch also replaces
the few tabs in source by spaces (as I realized gmail edits the tabs I
omitted this part from the version below, which apart from that
fulfils its duty).
Best regards,
Geoffrey
--- contrib/client-side/svn_load_dirs/svn_load_dirs.pl.in
+++ contrib/client-side/svn_load_dirs/svn_load_dirs.pl.in
@@ -1499,6 +1499,18 @@ sub file_info
return '?';
}
+# Copy arguments and replace what follows --password with '*'s.
+sub sanitize_pwd
+{
+ my @str = @_ ;
+ my $hide_next = 0 ;
+ foreach(@str) {
+ $_ = '*' x length if ( $hide_next ) ;
+ $hide_next = ($_ eq '--password') ;
+ }
+ @str
+}
+
# Start a child process safely without using /bin/sh.
sub safe_read_from_pipe
{
@@ -1510,7 +1522,7 @@ sub safe_read_from_pipe
my $openfork_available = "MSWin32" ne $OSNAME;
if ($openfork_available)
{
- print "Running @_\n";
+ print join(' ', &sanitize_pwd("Running", @_, "\n") );
my $pid = open(SAFE_READ, "-|");
unless (defined $pid)
{
@@ -1522,7 +1534,9 @@ sub safe_read_from_pipe
open(STDERR, ">&STDOUT")
or die "$0: cannot dup STDOUT: $!\n";
exec(@_)
- or die "$0: cannot exec '@_': $!\n";
+ or die "$0: cannot exec '"
+ . join(' ', &sanitize_pwd(@_) )
+ . "': $!\n";
}
}
else
@@ -1559,7 +1573,7 @@ sub safe_read_from_pipe
}
}
- print "Running @commandline\n";
+ print join(' ', &sanitize_pwd("Running", @commandline, "\n") );
if ( $comment ) { print $comment; }
# Now do the pipe.
@@ -1581,7 +1595,9 @@ sub safe_read_from_pipe
my $cd = $result & 128 ? "with core dump" : "";
if ($signal or $cd)
{
- warn "$0: pipe from '@_' failed $cd: exit=$exit signal=$signal\n";
+ warn "$0: pipe from '"
+ . join(' ', &sanitize_pwd(@_) )
+ . "' failed $cd: exit=$exit signal=$signal\n";
}
if (wantarray)
{
@@ -1604,8 +1620,9 @@ sub read_from_process
my ($status, @output) = &safe_read_from_pipe(@_);
if ($status)
{
- print STDERR "$0: @_ failed with this output:\n", join("\n", @output),
- "\n";
+ print STDERR
+ join(' ', &sanitize_pwd("$0:", @_, "failed with this output:\n") ),
+ join("\n", @output), "\n";
unless ($opt_no_user_input)
{
print STDERR
Received on 2014-12-20 02:43:41 CET