
ruby-changes:67467

From: Matt <ko1@a...>
Date: Tue, 31 Aug 2021 19:07:42 +0900 (JST)
Subject: [ruby-changes:67467] 2aed061384 (master): [rubygems/rubygems] Correctly redact credentials when using x-oauth-basic

https://git.ruby-lang.org/ruby.git/commit/?id=2aed061384

From 2aed061384f68b10d8a4a973009512cb57999c63 Mon Sep 17 00:00:00 2001
From: Matt Larraz <mlarraz@u...>
Date: Thu, 19 Aug 2021 16:12:04 -0400
Subject: [rubygems/rubygems] Correctly redact credentials when using
 x-oauth-basic

https://github.com/rubygems/rubygems/commit/290b6ab078
---
 lib/bundler/settings.rb              | 10 +++++++++-
 spec/bundler/bundler/env_spec.rb     | 14 ++++++++++++++
 spec/bundler/commands/config_spec.rb |  8 ++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/lib/bundler/settings.rb b/lib/bundler/settings.rb
index abf7db2..450f57e 100644
--- a/lib/bundler/settings.rb
+++ b/lib/bundler/settings.rb
@@ -419,7 +419,15 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/settings.rb#L419
       elsif is_credential(key)
         "[REDACTED]"
       elsif is_userinfo(converted)
-        converted.gsub(/:.*$/, ":[REDACTED]")
+        username, pass = converted.split(":")
+
+        if pass == "x-oauth-basic"
+          username = "[REDACTED]"
+        else
+          pass = "[REDACTED]"
+        end
+
+        [username, pass].join(":")
       else
         converted
       end
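Review bot: The branch at the added `split(":")` line carries no explanation of why the username rather than the password is redacted, and the reason is not obvious from the sentinel string alone; a comment such as `# With the x-oauth-basic convention the secret travels in the username position and the password is a fixed placeholder, so redact the username instead of the password.` would prevent a later maintainer from "fixing" it back. A second, minor point: `converted.split(":")` produces more than two elements when the value contains further colons, and the trailing segments are silently dropped by the `join`; `username, pass = converted.split(":", 2)` keeps the first-colon boundary explicit, and because the `else` branch overwrites `pass` the redacted output is unchanged for such values. Whether `is_userinfo` can admit a colon inside the credential is not visible here, so that part is a hardening of intent rather than a demonstrated defect. The enclosing method starts before this hunk and its `end` lies after it.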
diff --git a/spec/bundler/bundler/env_spec.rb b/spec/bundler/bundler/env_spec.rb
index 5d3aeec..a6f4b2b 100644
--- a/spec/bundler/bundler/env_spec.rb
+++ b/spec/bundler/bundler/env_spec.rb
@@ -127,6 +127,20 @@ RSpec.describe Bundler::Env do https://github.com/ruby/ruby/blob/trunk/spec/bundler/bundler/env_spec.rb#L127
       end
     end
 
+    context "when there's bundler config with OAuth token credentials" do
+      before do
+        bundle "config set https://localgemserver.test/ api_token:x-oauth-basic"
+      end
+
+      let(:output) { described_class.report(:print_gemfile => true) }
+
+      it "prints the config with redacted values" do
+        expect(output).to include("https://localgemserver.test")
+        expect(output).to include("[REDACTED]:x-oauth-basic")
+        expect(output).to_not include("api_token:x-oauth-basic")
+      end
+    end
+
     context "when Gemfile contains a gemspec and print_gemspecs is true" do
       let(:gemspec) do
         strip_whitespace(<<-GEMSPEC)
diff --git a/spec/bundler/commands/config_spec.rb b/spec/bundler/commands/config_spec.rb
index 48f0cea..2d0a7dc 100644
--- a/spec/bundler/commands/config_spec.rb
+++ b/spec/bundler/commands/config_spec.rb
@@ -440,6 +440,14 @@ E https://github.com/ruby/ruby/blob/trunk/spec/bundler/commands/config_spec.rb#L440
       expect(out).to eq "gems.myserver.com=user:password\nspec_run=true"
     end
 
+    it "list with API token credentials" do
+      bundle "config list", :env => { "BUNDLE_GEMS__MYSERVER__COM" => "api_token:x-oauth-basic" }
+      expect(out).to eq "Settings are listed in order of priority. The top value will be used.\ngems.myserver.com\nSet via BUNDLE_GEMS__MYSERVER__COM: \"[REDACTED]:x-oauth-basic\"\n\nspec_run\nSet via BUNDLE_SPEC_RUN: \"true\""
+
+      bundle "config list", :parseable => true, :env => { "BUNDLE_GEMS__MYSERVER__COM" => "api_token:x-oauth-basic" }
+      expect(out).to eq "gems.myserver.com=api_token:x-oauth-basic\nspec_run=true"
+    end
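Review bot: The added parseable assertion expects the raw `api_token:x-oauth-basic` value, which is consistent with the existing parseable expectation two examples above (`gems.myserver.com=user:password`) but reads like a leak to anyone scanning this spec for the redaction behaviour. A one-line comment above the second `bundle "config list"` call, e.g. `# parseable output is intentionally unredacted, matching the user:password example above`, would document that this is the established contract rather than an oversight.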
+
     it "get" do
       ENV["BUNDLE_BAR"] = "bar_val"
 
-- 
cgit v1.1


