[llvm] Avoid exposing unknown git repositories (PR #105220)
Petr Hosek via llvm-commits
llvm-commits at lists.llvm.org
Wed Aug 21 01:08:25 PDT 2024
================
@@ -39,8 +39,14 @@ function(get_source_info path revision repository)
OUTPUT_VARIABLE git_output
ERROR_QUIET)
if(git_result EQUAL 0)
- string(STRIP "${git_output}" git_output)
- set(${repository} ${git_output} PARENT_SCOPE)
+ # Avoid exposing sensitive data, e.g. usernames, passwords and
+ # private URLs.
+ string(FIND "${git_output}" "github.com/llvm/llvm-project" git_upstream)
+ if(git_upstream GREATER_EQUAL 0)
+ set(${repository} "https://github.com/llvm/llvm-project" PARENT_SCOPE)
+ else()
+ set(${repository} "forked repository" PARENT_SCOPE)
----------------
petrhosek wrote:
This may not necessarily be a fork in traditional sense (as in containing custom changes), it could be a mirror. I think in this case we should omit the repository altogether.
https://github.com/llvm/llvm-project/pull/105220
More information about the llvm-commits
mailing list