From c3b461d164e54cd97c5f7daa3c92efd50df1a435 Mon Sep 17 00:00:00 2001
From: fffunke <50409802+fffunke@users.noreply.github.com>
Date: Thu, 13 Jun 2019 12:03:29 +0200
Subject: [PATCH] do not write plain password in protodep config
---
 logger/logger.go | 14 ++++++++++++++
 protodep.lock | 20 ++++++++++++++++++++
 repository/git.go | 7 ++++---
 service/sync.go | 7 +++----
 4 files changed, 41 insertions(+), 7 deletions(-)
 create mode 100644 protodep.lock
diff --git a/logger/logger.go b/logger/logger.go
index d0d6b0c..de300a5 100644
--- a/logger/logger.go
+++ b/logger/logger.go
@@ -2,6 +2,7 @@ package logger
 import (
 "fmt"
+ "strings"
 "time"
 "github.com/briandowns/spinner"
@@ -25,6 +26,19 @@ func (s *spinnerWrapper) Finish() {
 fmt.Print("\n")
 }
+func CensorHttpsPassword(url string) string {
+ path := strings.Split(url, "@")
+
+ if len(path) == 1 {
+ return url
+ }
+ cred := strings.Split(path[0], ":")
+ cred[2] = "xxxxxx"
+ compCred := strings.Join(cred, ":")
+
+ return compCred + "@" + path[1]
+}
+
 func InfoWithSpinner(format string, a ...interface{}) *spinnerWrapper {
 s := spinner.New(spinner.CharSets[38], 100*time.Millisecond) // Build our new spinner
 txt := color.GreenString("[INFO] "+format, a...)
diff --git a/protodep.lock b/protodep.lock
new file mode 100644
index 0000000..b8e1b72
--- /dev/null
+++ b/protodep.lock
@@ -0,0 +1,20 @@
+proto_outdir = "./proto"
+
+[[dependencies]]
+ target = "github.com/protocolbuffers/protobuf"
+ revision = "36cd11a2bf3593427a54ccca3254351dd577be48"
+ branch = "master"
+ path = ""
+
+[[dependencies]]
+ target = "github.com/grpc-ecosystem/grpc-gateway"
+ revision = "e6f18d33a7b3bfa5b94f3d5fb513252184ce2d90"
+ branch = ""
+ path = "grpc-gateway/examplepb"
+
+[[dependencies]]
+ target = "github.com/kubernetes/helm"
+ revision = "3bd6e9fcf0de8827fa949c9440dd341bf548fc23"
+ branch = ""
+ path = ""
+ ignores = ["./release", "./rudder", "./services", "./version"]
diff --git a/repository/git.go b/repository/git.go
index d7c4665..f5b2af3 100644
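Review bot: `cred[2] = "xxxxxx"` in CensorHttpsPassword is only in range for input shaped like `scheme://user:password@host`; a target such as `user:password@host/...` or `ssh://git@host/...` yields fewer than three colon-separated fields and the call panics with index out of range. Splitting on every `@` and returning only `path[1]` also drops everything after a second `@`, so a password containing `@` would leave its tail in the output. Because the repository/git.go and service/sync.go hunks call this helper on normal code paths, a panic here aborts the sync rather than degrading a log line. I would look for the userinfo only inside the authority part and mask what follows its first `:`, returning the input unchanged when there is no password field. The function also needs a doc comment (noting that a token passed as a bare user name is not masked), and the Go spelling would be `CensorHTTPSPassword`.
```go
// CensorHttpsPassword returns url with the password of a "user:password@"
// userinfo replaced by a placeholder. Input without a password field is
// returned unchanged; a token given as a bare user name is NOT masked.
func CensorHttpsPassword(url string) string {
	// Skip an optional scheme so its ':' is not mistaken for the separator.
	start := 0
	if i := strings.Index(url, "://"); i >= 0 {
		start = i + len("://")
	}
	// Only the authority (up to the first '/') can hold userinfo.
	end := len(url)
	if i := strings.Index(url[start:], "/"); i >= 0 {
		end = start + i
	}
	at := strings.LastIndex(url[start:end], "@")
	if at < 0 {
		return url
	}
	colon := strings.Index(url[start:start+at], ":")
	if colon < 0 {
		return url
	}
	return url[:start+colon+1] + "xxxxxx" + url[start+at:]
}
```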
--- a/repository/git.go
+++ b/repository/git.go
@@ -44,9 +44,10 @@ func (r *GitHubRepository) fetchRepository(repopath string) (*git.Repository, er
 var rep *git.Repository
 if stat, err := os.Stat(repopath); err == nil && stat.IsDir() {
- spinner := logger.InfoWithSpinner("Getting in existing dir %s ", reponame)
+ spinner := logger.InfoWithSpinner("Getting in existing dir %s ", logger.CensorHttpsPassword(reponame))
 rep, err = git.PlainOpen(repopath)
+
 if err != nil {
 return nil, errors.Wrap(err, "open repository is failed")
 }
@@ -64,7 +65,7 @@ func (r *GitHubRepository) fetchRepository(repopath string) (*git.Repository, er
 spinner.Finish()
 } else {
- spinner := logger.InfoWithSpinner("Getting new Repo %s ", reponame)
+ spinner := logger.InfoWithSpinner("Getting new Repo %s ", logger.CensorHttpsPassword(reponame))
 rep, err = git.PlainClone(repopath, false, &git.CloneOptions{
 Auth: r.authProvider.AuthMethod(),
 URL: r.authProvider.GetRepositoryURL(reponame),
@@ -115,7 +116,7 @@ func (r *GitHubRepository) Open() (*OpenedRepository, error) {
 }
 reponame := r.dep.Repository()
- repopath := filepath.Join(r.protodepDir, reponame)
+ repopath := filepath.Join(r.protodepDir, logger.CensorHttpsPassword(reponame))
 rep, err := r.fetchRepository(repopath)
 if err != nil {
diff --git a/service/sync.go b/service/sync.go
index c23786e..438e78c 100644
--- a/service/sync.go
+++ b/service/sync.go
@@ -113,7 +113,7 @@ func (s *SyncImpl) getAuthProvider(rewrittenGitRepo string, repoURL *url.URL, de
 dep.Target = rewrittenGitRepo + repoURL.Path
- logger.Info("... rewriting to '%s'", dep.Target)
+ logger.Info("... rewriting to '%s'", logger.CensorHttpsPassword(dep.Target))
 if rewrittenGitRepoURL.Scheme == "ssh" {
 authProvider = s.authProviderSSH
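Review bot: `repopath` in Open() is now built from `logger.CensorHttpsPassword(reponame)`, which ties the on-disk cache location to a log-masking helper. The directory name still carries the user name plus the `xxxxxx` placeholder, and any later change to the masking format silently moves the cache. A mis-split or panic in the helper would here fail Open() itself rather than a log line. A small path helper that drops the whole `userinfo@` part would keep credentials off disk without depending on log formatting, documented with something like `// cache path must never contain credentials: strip userinfo, do not mask it`. Open() continues outside the hunk, so how `repopath` is used afterwards is not visible here.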
@@ -140,7 +140,7 @@ func (s *SyncImpl) getNewDeps(protodep *dependency.ProtoDep, outdir string) (*[]
 depRepoURL, err := url.Parse("https://" + dep.Target)
 if err != nil {
- logger.Error("failed to parse dep Target '%s'", dep.Target)
+ logger.Error("failed to parse dep Target '%s'", logger.CensorHttpsPassword(dep.Target))
 return nil, err
 }
@@ -174,7 +174,7 @@ func (s *SyncImpl) getNewDeps(protodep *dependency.ProtoDep, outdir string) (*[]
 }
 }
- logger.Info("using %v as authentication for repo %s", reflect.TypeOf(authProvider), dep.Target)
+ logger.Info("using %v as authentication for repo %s", reflect.TypeOf(authProvider), logger.CensorHttpsPassword(dep.Target))
 gitRepo := repository.NewGitRepository(protoDepCachePath, dep, authProvider)
 repo, err := gitRepo.Open()
@@ -186,7 +186,6 @@ func (s *SyncImpl) getNewDeps(protodep *dependency.ProtoDep, outdir string) (*[]
 for _, s := range sources {
 outpath := filepath.Join(outdir, dep.Path, s.relativeDest)
-
 content, err := ioutil.ReadFile(s.source)
 if err != nil {
 return nil, err
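Review bot: `return nil, err` after the failed `url.Parse("https://" + dep.Target)` still hands back net/url's error, whose message quotes the full input string, so the password masked in the `logger.Error` call can reappear wherever a caller prints that error. Returning an error built from the masked target keeps it out, e.g. `return nil, fmt.Errorf("parse dep target %q: invalid URL", logger.CensorHttpsPassword(dep.Target))` (assuming `fmt` is imported in sync.go, which is not visible here). Since `dep.Target` appears to carry no scheme at this point, a `user:password@host` target would hit the out-of-range `cred[2]` in CensorHttpsPassword, so this error branch may panic before it logs anything. getNewDeps starts and ends outside the hunk.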