| 746 | } |
| 747 | |
| 748 | static void validate_remote_url(struct remote *remote) |
| 749 | { |
| 750 | int i; |
| 751 | const char *value; |
| 752 | struct strbuf redacted = STRBUF_INIT; |
| 753 | int warn_not_die; |
| 754 | |
| 755 | if (repo_config_get_string_tmp(the_repository, "transfer.credentialsinurl", &value)) |
| 756 | return; |
| 757 | |
| 758 | if (!strcmp("warn", value)) |
| 759 | warn_not_die = 1; |
| 760 | else if (!strcmp("die", value)) |
| 761 | warn_not_die = 0; |
| 762 | else if (!strcmp("allow", value)) |
| 763 | return; |
| 764 | else |
| 765 | die(_("unrecognized value transfer.credentialsInUrl: '%s'"), value); |
| 766 | |
| 767 | for (i = 0; i < remote->url.nr; i++) { |
| 768 | struct url_info url_info = { 0 }; |
| 769 | |
| 770 | if (!url_normalize(remote->url.v[i], &url_info) || |
| 771 | !url_info.passwd_off) |
| 772 | goto loop_cleanup; |
| 773 | |
| 774 | strbuf_reset(&redacted); |
| 775 | strbuf_add(&redacted, url_info.url, url_info.passwd_off); |
| 776 | strbuf_addstr(&redacted, "<redacted>"); |
| 777 | strbuf_addstr(&redacted, |
| 778 | url_info.url + url_info.passwd_off + url_info.passwd_len); |
| 779 | |
| 780 | if (warn_not_die) |
| 781 | warning(_("URL '%s' uses plaintext credentials"), redacted.buf); |
| 782 | else |
| 783 | die(_("URL '%s' uses plaintext credentials"), redacted.buf); |
| 784 | |
| 785 | loop_cleanup: |
| 786 | free(url_info.url); |
| 787 | } |
| 788 | |
| 789 | strbuf_release(&redacted); |
| 790 | } |
| 791 | |
| 792 | static struct remote * |
| 793 | remotes_remote_get_1(struct repository *repo, const char *name, |
no test coverage detected