From: Jeff King <peff@peff.net>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Doron Behar <doron.behar@gmail.com>,
git@vger.kernel.org,
Nicolas Morey-Chaisemartin <nicolas@morey-chaisemartin.com>
Subject: Re: imap-send with gmail: curl_easy_perform() failed: URL using bad/illegal format or missing URL
Date: Wed, 29 Nov 2017 22:55:27 -0500 [thread overview]
Message-ID: <20171130035527.GB25577@sigill.intra.peff.net> (raw)
In-Reply-To: <20171130032832.GA25577@sigill.intra.peff.net>
On Wed, Nov 29, 2017 at 10:28:32PM -0500, Jeff King wrote:
> 2. Setting GIT_TRACE_CURL=1 may dump more verbose information. But one
> caveat: if you get as far as authenticating, then the trace will
> contain your password. We redact HTTP auth from the trace output,
> but not imap ones.
I tried my hand at a patch, but it ended up a lot more complicated than
I would have liked. Thoughts?
diff --git a/http.c b/http.c
index 713525f38e..fcc9001af6 100644
--- a/http.c
+++ b/http.c
@@ -560,7 +560,7 @@ static void set_curl_keepalive(CURL *c)
}
#endif
-static void redact_sensitive_header(struct strbuf *header)
+static void redact_http_header(struct strbuf *header)
{
const char *sensitive_header;
@@ -577,7 +577,60 @@ static void redact_sensitive_header(struct strbuf *header)
}
}
-static void curl_dump_header(const char *text, unsigned char *ptr, size_t size, int hide_sensitive_header)
+static void redact_imap_header(struct strbuf *header)
+{
+ const char *p;
+
+ /* skip past the command tag */
+ p = strchr(header->buf, ' ');
+ if (!p)
+ return; /* no tag */
+ p++;
+
+ if (skip_prefix(p, "AUTHENTICATE ", &p)) {
+ /* the first token is the auth type, which is OK to log */
+ while (*p && !isspace(*p))
+ p++;
+ /* the rest is an opaque blob; fall through to redact */
+ } else if (skip_prefix(p, "LOGIN ", &p)) {
+ /* fall through to redact both login and password */
+ } else {
+ /* not a sensitive header */
+ return;
+ }
+
+ strbuf_setlen(header, p - header->buf);
+ strbuf_addstr(header, " <redacted>");
+}
+
+static void redact_sensitive_header(CURL *handle, struct strbuf *header)
+{
+ const char *url;
+ int ret;
+
+ ret = curl_easy_getinfo(handle, CURLINFO_EFFECTIVE_URL, &url);
+ if (!ret && url) {
+ if (starts_with(url, "http")) {
+ redact_http_header(header);
+ return;
+ }
+ if (starts_with(url, "imap")) {
+ redact_imap_header(header);
+ return;
+ }
+ }
+
+ /*
+ * We weren't able to figure out the protocol. Err on the side of
+ * redacting too much.
+ */
+ redact_http_header(header);
+ redact_imap_header(header);
+}
+
+static void curl_dump_header(CURL *handle, const char *text,
+ unsigned char *ptr, size_t size,
+ int hide_sensitive_header)
{
struct strbuf out = STRBUF_INIT;
struct strbuf **headers, **header;
@@ -591,7 +644,7 @@ static void curl_dump_header(const char *text, unsigned char *ptr, size_t size,
for (header = headers; *header; header++) {
if (hide_sensitive_header)
- redact_sensitive_header(*header);
+ redact_sensitive_header(handle, *header);
strbuf_insert((*header), 0, text, strlen(text));
strbuf_insert((*header), strlen(text), ": ", 2);
strbuf_rtrim((*header));
@@ -641,7 +694,7 @@ static int curl_trace(CURL *handle, curl_infotype type, char *data, size_t size,
break;
case CURLINFO_HEADER_OUT:
text = "=> Send header";
- curl_dump_header(text, (unsigned char *)data, size, DO_FILTER);
+ curl_dump_header(handle, text, (unsigned char *)data, size, DO_FILTER);
break;
case CURLINFO_DATA_OUT:
text = "=> Send data";
@@ -653,7 +706,7 @@ static int curl_trace(CURL *handle, curl_infotype type, char *data, size_t size,
break;
case CURLINFO_HEADER_IN:
text = "<= Recv header";
- curl_dump_header(text, (unsigned char *)data, size, NO_FILTER);
+ curl_dump_header(handle, text, (unsigned char *)data, size, NO_FILTER);
break;
case CURLINFO_DATA_IN:
text = "<= Recv data";
next prev parent reply other threads:[~2017-11-30 3:55 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-29 17:13 imap-send with gmail: curl_easy_perform() failed: URL using bad/illegal format or missing URL Doron Behar
2017-11-30 2:04 ` Jonathan Nieder
2017-11-30 3:28 ` Jeff King
2017-11-30 3:55 ` Jeff King [this message]
2017-11-30 9:39 ` Nicolas Morey-Chaisemartin
2017-11-30 9:46 ` Daniel Stenberg
2017-11-30 9:51 ` Nicolas Morey-Chaisemartin
2017-11-30 9:55 ` Daniel Stenberg
2017-11-30 9:47 ` Nicolas Morey-Chaisemartin
2017-11-30 10:07 ` [PATCH] imap-send: URI encode server folder Nicolas Morey-Chaisemartin
2017-11-30 17:53 ` Eric Sunshine
2017-12-05 15:30 ` Junio C Hamano
2017-12-18 18:25 ` [PATCH v2] " Kaartic Sivaraam
2017-12-18 18:48 ` Eric Sunshine
2017-12-18 19:11 ` [PATCH v3] " Kaartic Sivaraam
2017-12-18 22:19 ` Jonathan Nieder
2017-12-18 22:32 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171130035527.GB25577@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=doron.behar@gmail.com \
--cc=git@vger.kernel.org \
--cc=jrnieder@gmail.com \
--cc=nicolas@morey-chaisemartin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).