nexedi / gitlab-shell

Commit 05dd7a00, authored Sep 11, 2014 by Dmitriy Zaporozhets
Merge pull request #175 from yglukhov/security-issue
Security issue: imported URLs are stored along with password.
Parents: 57865ae2, 5287df54

Showing 1 changed file with 20 additions and 2 deletions.

lib/gitlab_projects.rb (+20 -2)
...
...
@@ -96,6 +96,20 @@ class GitlabProjects
FileUtils
.
rm_rf
(
full_path
)
end
def
mask_password_in_url
(
url
)
result
=
URI
(
url
)
result
.
password
=
"*****"
unless
result
.
password
.
nil?
result
rescue
url
end
def
remove_origin_in_repo
cmd
=
%W(git --git-dir=
#{
full_path
}
remote remove origin)
pid
=
Process
.
spawn
(
*
cmd
)
Process
.
wait
(
pid
)
end
# Import project via git clone --bare
# URL must be publicly cloneable
def
import_project
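Review bot: the bare rescue in mask_password_in_url returns the original url unchanged, so any source that URI() cannot parse is handed back with its password intact and is then written to the log exactly as before this change. Return a fixed placeholder string on that path instead of the raw url. The method also returns a URI object on success and a String on failure; ending the success path with result.to_s would keep the return type consistent. The commit touches only lib/gitlab_projects.rb, so a spec covering a URL with a password, one without, and one that fails to parse would be worth adding.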
...
...
@@ -103,10 +117,11 @@ class GitlabProjects
return
false
if
File
.
exists?
(
full_path
)
@source
=
ARGV
.
shift
masked_source
=
mask_password_in_url
(
@source
)
# timeout for clone
timeout
=
(
ARGV
.
shift
||
120
).
to_i
$logger
.
info
"Importing project
#{
@project_name
}
from <
#{
@
source
}
> to <
#{
full_path
}
>."
$logger
.
info
"Importing project
#{
@project_name
}
from <
#{
masked_
source
}
> to <
#{
full_path
}
>."
cmd
=
%W(git clone --bare --
#{
@source
}
#{
full_path
}
)
pid
=
Process
.
spawn
(
*
cmd
)
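Review bot: the cmd line still interpolates @source into the "git clone --bare --" argument list, so the password is masked in the log but stays on the spawned process's command line, where other local users can read it from the process list for as long as the clone runs. Consider supplying the credentials out of band (for example through a git credential helper or GIT_ASKPASS) and passing git a URL without the password. Until the origin is removed later in this method, the cloned repository's config also holds the full URL.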
...
...
@@ -116,7 +131,7 @@ class GitlabProjects
Process
.
wait
(
pid
)
end
rescue
Timeout
::
Error
$logger
.
error
"Importing project
#{
@project_name
}
from <
#{
@
source
}
> failed due to timeout."
$logger
.
error
"Importing project
#{
@project_name
}
from <
#{
masked_
source
}
> failed due to timeout."
Process
.
kill
(
'KILL'
,
pid
)
Process
.
wait
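Review bot: the timeout branch kills and reaps the clone, but remove_origin_in_repo is only called from the else branch, so nothing visible in this hunk clears the origin URL from a partially cloned repository. If full_path is not deleted after the Process.wait shown here, its config can still hold the password; please confirm the cleanup, or remove the origin on this path as well.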
...
...
@@ -124,6 +139,9 @@ class GitlabProjects
false
else
self
.
class
.
create_hooks
(
full_path
)
# The project was imported successfully.
# Remove the origin URL since it may contain password.
remove_origin_in_repo
end
end
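Review bot: remove_origin_in_repo is now the last expression of the else branch, so the branch evaluates to the pid returned by Process.wait(pid) instead of the result of create_hooks(full_path), and a failed hook setup no longer shows in the return value. The exit status of "git remote remove origin" is also never checked, so a failure leaves the URL and its password in the repository config with no log line. Keep the create_hooks result as the branch's value and log an error when $?.success? is false after the wait.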
...
...