diff options
author | Egor Tensin <Egor.Tensin@gmail.com> | 2021-03-29 15:33:10 +0300 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2021-03-29 15:33:10 +0300 |
commit | f720acd9795cd65001a110d59b6a940fc024e05e (patch) | |
tree | 871df5d2739f55596632012424efabcdd94de638 | |
parent | docs/auth.md: update (diff) | |
download | cgitize-f720acd9795cd65001a110d59b6a940fc024e05e.tar.gz cgitize-f720acd9795cd65001a110d59b6a940fc024e05e.zip |
don't leak access tokens on the command line
Diffstat (limited to '')
-rw-r--r-- | cgitize/cgit.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/cgitize/cgit.py b/cgitize/cgit.py index 177a5f0..8db5ef9 100644 --- a/cgitize/cgit.py +++ b/cgitize/cgit.py @@ -37,12 +37,22 @@ def setup_git_auth(repo): old_permissions = stat.S_IMODE(os.stat(config_path).st_mode) new_permissions = stat.S_IRUSR | stat.S_IWUSR # 0x600 os.chmod(config_path, new_permissions) - git('config', '--global', f'url.{repo.clone_url_with_auth}.insteadOf', repo.clone_url) + with open(config_path, encoding='utf-8', mode='r') as fd: + old_contents = fd.read() + else: + old_contents = '' + new_contents = f'''{old_contents} +[url "{repo.clone_url_with_auth}"] + insteadOf = {repo.clone_url} +''' + with open(config_path, encoding='utf-8', mode='w') as fd: + fd.write(new_contents) try: yield finally: if exists: - git('config', '--global', '--remove-section', f'url.{repo.clone_url_with_auth}.insteadOf') + with open(config_path, encoding='utf-8', mode='w') as fd: + fd.write(old_contents) os.chmod(config_path, old_permissions) else: os.unlink(config_path) |