This is an automated email from the ASF dual-hosted git repository.
gurwls223 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new 89bf2af [SPARK-34327][BUILD] Strip passwords from inlining into build
information while releasing
89bf2af is described below
commit 89bf2afb3337a44f34009a36cae16dd0ff86b353
Author: Prashant Sharma <[email protected]>
AuthorDate: Wed Feb 3 15:02:35 2021 +0900
[SPARK-34327][BUILD] Strip passwords from inlining into build information
while releasing
### What changes were proposed in this pull request?
Strip passwords from getting inlined into build information, inadvertently.
` https://user:passdomain/foo -> https://domain/foo`
### Why are the changes needed?
This can be a serious security issue, esp. during a release.
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Tested by executing the following command on both Mac OSX and Ubuntu.
```
echo url=$(git config --get remote.origin.url | sed
's|https://\(.*\)\(.*\)|https://\2|')
```
Closes #31436 from ScrapCodes/strip_pass.
Authored-by: Prashant Sharma <[email protected]>
Signed-off-by: HyukjinKwon <[email protected]>
---
build/spark-build-info | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/spark-build-info b/build/spark-build-info
index ad0ec67..eb0e3d7 100755
--- a/build/spark-build-info
+++ b/build/spark-build-info
@@ -32,7 +32,7 @@ echo_build_properties() {
echo revision=$(git rev-parse HEAD)
echo branch=$(git rev-parse --abbrev-ref HEAD)
echo date=$(date -u +%Y-%m-%dT%H:%M:%SZ)
- echo url=$(git config --get remote.origin.url)
+ echo url=$(git config --get remote.origin.url | sed
's|https://\(.*\)@\(.*\)|https://\2|')
}
echo_build_properties $2 > "$SPARK_BUILD_INFO"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
