[llvm] Avoid exposing unknown git repositories (PR #105220)

Tulio Magno Quites Machado Filho via llvm-commits llvm-commits at lists.llvm.org
Tue Aug 20 11:29:54 PDT 2024


https://github.com/tuliom created https://github.com/llvm/llvm-project/pull/105220

Restrict the URL that is exposed to the official LLVM repository at GitHub in order to avoid exposing usernames, passwords or even private URLs unintentionally.

Users willing to expose different Git repositories can continue to do so by setting LLVM_FORCE_VC_REPOSITORY or CLANG_REPOSITORY_STRING.

From 0b7370329f0dc9da9f89287644c493f3fa4c9c60 Mon Sep 17 00:00:00 2001
From: Tulio Magno Quites Machado Filho <tuliom at redhat.com>
Date: Mon, 5 Aug 2024 14:29:11 -0300
Subject: [PATCH] Avoid exposing unknown git repositories

Restrict the URL that is exposed to the official LLVM repository at
GitHub in order to avoid exposing usernames, passwords or even private
URLs unintentionally.

Users willing to expose different Git repositories can continue to do so
by setting LLVM_FORCE_VC_REPOSITORY or CLANG_REPOSITORY_STRING.
---
 llvm/cmake/modules/VersionFromVCS.cmake | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/llvm/cmake/modules/VersionFromVCS.cmake b/llvm/cmake/modules/VersionFromVCS.cmake
index 18edbeabe3e4b5..a0068c5f725517 100644
--- a/llvm/cmake/modules/VersionFromVCS.cmake
+++ b/llvm/cmake/modules/VersionFromVCS.cmake
@@ -39,8 +39,14 @@ function(get_source_info path revision repository)
         OUTPUT_VARIABLE git_output
         ERROR_QUIET)
       if(git_result EQUAL 0)
-        string(STRIP "${git_output}" git_output)
-        set(${repository} ${git_output} PARENT_SCOPE)
+        # Avoid exposing sensitive data, e.g. usernames, passwords and
+        # private URLs.
+        string(FIND "${git_output}" "github.com/llvm/llvm-project" git_upstream)
+        if(git_upstream GREATER_EQUAL 0)
+          set(${repository} "https://github.com/llvm/llvm-project" PARENT_SCOPE)
+        else()
+          set(${repository} "forked repository" PARENT_SCOPE)
+        endif()
       else()
         set(${repository} ${path} PARENT_SCOPE)
       endif()
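
Review bot: The `string(FIND "${git_output}" "github.com/llvm/llvm-project" git_upstream)` test is an unanchored substring match, so any remote whose URL merely contains that text (a repository whose name starts with `llvm-project` under the same prefix, or a mirror whose path embeds the string) is reported as `https://github.com/llvm/llvm-project`. No credential leaks, because the stored value is a constant, but the embedded repository string is then wrong for that build. Consider keeping the removed `string(STRIP ...)` and matching the whole remote with an anchored pattern through `if(git_output MATCHES ...)`, accepting only the https and ssh forms of the upstream URL with an optional `.git` suffix. Two smaller points: the unchanged `set(${repository} ${path} PARENT_SCOPE)` in the outer `else()` still publishes a local directory path, which can contain a username, so it is worth deciding whether that branch falls under the same policy; and the new comment could name `LLVM_FORCE_VC_REPOSITORY` as the override, since the commit message mentions it but the code does not.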


