[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] svn_load_dirs.pl: hide passwords printed to screen

From: Geoffrey Alary <geoffrey.alary_at_gmail.com>
Date: Sat, 20 Dec 2014 10:40:39 +0900

Hello,

I often use svn_load_dirs.pl in a script to load several huge third
party libraries into our SVN repo. This repository uses LDAP
authentication with https and I do not want my password popping up at
times on the console executing the script (for several hours).

Hence my second patch, that hides the password printed to screen with
stars (*). It does that by passing the array of arguments containing
the password to a function sanitize_pwd before printing it. This
function searches for '--password' and hides the following word.

I digress a bit, but my scripts using svn_load_dirs.pl (themselves in
a SVN repo) ask for username/password so that they do not expose
sensitive information. Password is prompted either with `read -s` for
the bash script, or with this SO answer for the batch version:
http://stackoverflow.com/a/20343074/3628160

Please find my patch below. Besides defining sanitize_pwd and changing
the print call sites the attached version of the patch also replaces
the few tabs in source by spaces (as I realized gmail edits the tabs I
omitted this part from the version below, which apart from that
fulfils its duty).

Best regards,
Geoffrey

--- contrib/client-side/svn_load_dirs/svn_load_dirs.pl.in
+++ contrib/client-side/svn_load_dirs/svn_load_dirs.pl.in
@@ -1499,6 +1499,18 @@ sub file_info
   return '?';
 }

+# Copy arguments and replace what follows --password with '*'s.
+sub sanitize_pwd
+{
+ my @str = @_ ;
+ my $hide_next = 0 ;
+ foreach(@str) {
+ $_ = '*' x length if ( $hide_next ) ;
+ $hide_next = ($_ eq '--password') ;
+ }
+ @str
+}
+
 # Start a child process safely without using /bin/sh.
 sub safe_read_from_pipe
 {
@@ -1510,7 +1522,7 @@ sub safe_read_from_pipe
   my $openfork_available = "MSWin32" ne $OSNAME;
   if ($openfork_available)
     {
- print "Running @_\n";
+ print join(' ', &sanitize_pwd("Running", @_, "\n") );
       my $pid = open(SAFE_READ, "-|");
       unless (defined $pid)
         {
@@ -1522,7 +1534,9 @@ sub safe_read_from_pipe
           open(STDERR, ">&STDOUT")
             or die "$0: cannot dup STDOUT: $!\n";
           exec(@_)
- or die "$0: cannot exec '@_': $!\n";
+ or die "$0: cannot exec '"
+ . join(' ', &sanitize_pwd(@_) )
+ . "': $!\n";
         }
     }
   else
@@ -1559,7 +1573,7 @@ sub safe_read_from_pipe
             }
         }

- print "Running @commandline\n";
+ print join(' ', &sanitize_pwd("Running", @commandline, "\n") );
       if ( $comment ) { print $comment; }

       # Now do the pipe.
@@ -1581,7 +1595,9 @@ sub safe_read_from_pipe
   my $cd = $result & 128 ? "with core dump" : "";
   if ($signal or $cd)
     {
- warn "$0: pipe from '@_' failed $cd: exit=$exit signal=$signal\n";
+ warn "$0: pipe from '"
+ . join(' ', &sanitize_pwd(@_) )
+ . "' failed $cd: exit=$exit signal=$signal\n";
     }
   if (wantarray)
     {
@@ -1604,8 +1620,9 @@ sub read_from_process
   my ($status, @output) = &safe_read_from_pipe(@_);
   if ($status)
     {
- print STDERR "$0: @_ failed with this output:\n", join("\n", @output),
- "\n";
+ print STDERR
+ join(' ', &sanitize_pwd("$0:", @_, "failed with this output:\n") ),
+ join("\n", @output), "\n";
       unless ($opt_no_user_input)
         {
           print STDERR

Received on 2014-12-20 02:43:41 CET

This is an archived mail posted to the Subversion Dev mailing list.