<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/109030>109030</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [gn] Git repository secrets may get exposed
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          tuliom
      </td>
    </tr>
</table>

<pre>
    [This file](https://github.com/llvm/llvm-project/blob/main/llvm/utils/gn/build/write_vcsrevision.py#L74) may leak secrets about the Git repository URL, e.g. password or a Github Token, if the user does the mistake of cloning the a git repository from `https://user:password@private.url.com/myfork` or from `https://<Github Token>@github.com`.

There has been a [discussion on Discourse](https://discourse.llvm.org/t/rfc-avoid-exposing-unknown-git-repositories/80962) with valuable information on this.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyUU01zmzAQ_TXismNGFsaGA4ckrnvJqZOeOxJaYGshefSB63_fEY2TppNLLzDSPq2e3nsrQ6DRInasfmT1sZApTs53MRlyc6GcvuXKy0QBBjLI6iMTzRTjJbDqgYkTE6eR4pRU2buZiZMxy_23uXj3E_vIxEkZp5g4zZLsOyZFMiGfz3sqkdFMnK6eIv5Y-uBxoUDOlpcbE9XzYcdEC7O8gUF5hoC9xxhAKpcixAnhK0XweHGBovM3-P7tmYknwHIs4SJDuDqvwXmQGTglBS_ujDZDaFjPp4AetMOwrmYKUZ4R3AC9cZbsuG5LGD9eM3g3A9vzj4rkXqx6uN_LdvziaZERy-TNq1DzbXD-zPY8s_q8DauePpCtvrAd_0vtPS8ZPzL-8Of7MqFHmGQAhWhBAqsfNYU-hawjOAtHCr1LPnxqo74Xy-xP6fzIxCmb54d-IxdHeoO_8sPtuEn2bN3VbkaKmzc1CLObDW_3Int1pTjBIk2SyiCQHZyfZXxlEicKZaG7SrdVKwvstgexr9v20Ihi6g5VMzRSc12J3bblh0ZxjW1Tif6g9o3cF9QJLna83R62La-4KHVV623PBQpRq75p2Y7jLMm8vaWgEBJ2W57xhZEKTVgzL4TFK6xVJkQeAd-t6VVpDGzHDYUY3ttEimYdltGy-vhv6u6xzDkdMcIqGOoiedP999CsnLKkr6SXTvwOAAD__9EVNq0">