ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43330] New: - Proposal to hide password in AbstractCvsTask when showing failed command.
Date Fri, 07 Sep 2007 19:33:11 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43330>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43330

           Summary: Proposal to hide password in AbstractCvsTask when
                    showing failed command.
           Product: Ant
           Version: 1.7.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core tasks
        AssignedTo: dev@ant.apache.org
        ReportedBy: dario.mx@gmail.com


Hallo,

I found more practical to include the password as part of the CVS url than using
the cvspass file (manually or through ant task). It works fine for me, but I am
a bit worried because when the command fails for some reason, the cvs task
prints a message like this:

-----------------------------------------------------------------------
checkout:
      [cvs] Fatal error, aborting.
      [cvs] dummyuser: no such user

BUILD FAILED
/tmp/.newdeploy/deployServer/chacaDeploy/scripts/deploy.xml:13: The following
error occurred while executing this line:
/tmp/.newdeploy/deployServer/chacaDeploy/scripts/deployCommon.xml:30: cvs exited
with error code 1
Command line was [Executing 'cvs' with arguments:
'-d:pserver:dummyuser:dummypwd@some.cvsserver.com:/usr/local/cvsroot'
'checkout'
'-P'
'pps_build/version'
'pps_build/chacaDeploy'

The ' characters around the executable and arguments are
not part of the command.
]
-----------------------------------------------------------------------

As you can see, the password is shown (given it was included in the CVS url). I
solved the problem by doing a little local hack, in order to hide the cvs
password (if it was there). I was thinking that it may be a good addition to the
code base. In general, is not useful not print the password ;-]

The change is the following (AbstractCvsTask.java):

In the runCommand method, I changed the section where the failure is printed
(the addition was only the call to hidePassword):

  /*Throw an exception if cvs exited with error. (Iulian)*/
            if (failOnError && Execute.isFailure(retCode)) {
                throw new BuildException("cvs exited with error code "
                                         + retCode
                                         + StringUtils.LINE_SEP
                                         + "Command line was ["
                                         + hidePassword(actualCommandLine) + "]",
                                         getLocation());
            }

Where "hidePassword" is defined by:

  /**
   *  Hides password from command line.
   *
   *  It could the the case that a password in plain form was used as
   *  part of the CVS url; if that is the case, hide it by replacing
   *  with a dummy string.
   *
   *  The pattern where the password can occurs is something like
   *  this: 
   *
   *  -d:pserver:user:pwd@cvs.server.com:/usr/local/cvsroot
   *
   *  @param The CVS command line
   */
  private String hidePassword(String cmd)
  {
    return
      cmd.replaceAll("-d:([^:]+):([^:]+):([^:]+)@([^:]+):(.*)", 
                     "-d:$1:$2:<hidden password>@$4:$5");
  }


My boss does not like my hack, because it is not official ant release. Given
that, I will need to use cvs password file, but maybe in the near future ant
could have this addition?

Thanks in advance.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message