Closed
Description
GitHub allows usage of personal access tokens with remote URLs in the format:
https://<token>@github.com/owner/repo.git
or
https://<token>:x-oauth-basic@github.com/owner/repo.git
If such a URL is used with Remote and some error related to access happens, the token (foobar in the example below) can be leaked via the exception message, like the following:
Traceback (most recent call last):
  File "start.py", line 119, in <module>
    sys.exit(run_main())
...
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git push --set-upstream --force ....
  stderr: 'remote: some error.
fatal: unable to access 'https://foobar:x-oauth-basic@github.com/FooBarCorp/some-repo/': The requested URL returned error: 403'
It would be nice to have an internal mechanism to prevent such leakage.
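
One way a caller can mask the token before the error reaches logs or a console, shown as an added example (not part of the original report and not GitPython's own code). `CommandError` and `run_redacted` are hypothetical stand-ins, and the failing push is constructed from the traceback above:

```python
import re
from typing import Callable, Sequence

# Userinfo of an http(s) URL: everything between "://" and the "@" before the host.
_USERINFO = re.compile(r"(?i)(https?://)[^/@\s'\"]+@")

def redact(text: str) -> str:
    """Replace credentials embedded in http(s) URLs with a fixed mask."""
    return _USERINFO.sub(r"\1*****@", text)

class CommandError(Exception):
    """Hypothetical stand-in for an error that records argv and stderr."""
    def __init__(self, argv: Sequence[str], status: int, stderr: str):
        self.argv, self.status, self.stderr = list(argv), status, stderr
        super().__init__(
            f"Cmd({argv[0]!r}) failed due to: exit code({status})\n"
            f"  cmdline: {' '.join(argv)}\n  stderr: {stderr!r}"
        )

def run_redacted(run: Callable[[Sequence[str]], str], argv: Sequence[str]) -> str:
    """Call run(argv); on failure re-raise with URL credentials masked."""
    try:
        return run(argv)
    except CommandError as err:
        clean = CommandError([redact(a) for a in err.argv], err.status,
                             redact(err.stderr))
        # "from None" keeps the original, unredacted exception out of the
        # printed traceback; without it the token would appear as context.
        raise clean from None

# Constructed sample: a runner that always fails the way the report describes.
def failing_push(argv: Sequence[str]) -> str:
    raise CommandError(argv, 128,
        "remote: some error.\nfatal: unable to access "
        "'https://foobar:x-oauth-basic@github.com/FooBarCorp/some-repo/': "
        "The requested URL returned error: 403")

def demo() -> str:
    argv = ["git", "push",
            "https://foobar:x-oauth-basic@github.com/FooBarCorp/some-repo.git"]
    try:
        run_redacted(failing_push, argv)
    except CommandError as err:
        return str(err)
    return ""
```

Both the command line and stderr are masked because the token appears in each; the original exception object is still reachable through `__context__`, so code that walks the exception chain needs the same redaction.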