| Issue |
109030
|
| Summary |
[gn] Git repository secrets may get exposed
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
tuliom
|
[This file](https://github.com/llvm/llvm-project/blob/main/llvm/utils/gn/build/write_vcsrevision.py#L74) may leak secrets about the Git repository URL, e.g. password or a Github Token, if the user does the mistake of cloning the a git repository from `https://user:[email protected]/myfork` or from `https://<Github Token>@github.com`.
There has been a [discussion on Discourse](https://discourse.llvm.org/t/rfc-avoid-exposing-unknown-git-repositories/80962) with valuable information on this.
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
