Project

General

Profile

Actions

Bug #22660

closed

a-c-r can leak credentials if present in the git repo URL

Added by Peter Amstutz 3 days ago. Updated 1 day ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
CWL
Target version:
Story points:
-
Release relationship:
Auto

Description

Reported by user: some git services use HTTP basic auth with the username and password or API token embedded in the repo URL. The arvados-cwl-runner feature that records git metadata will leak this by accident. If the URL starts with http or https it should filter out the username/password portion of the URL.


Subtasks 1 (0 open1 closed)

Task #22664: Review 22660-acr-cred-leakResolvedPeter Amstutz03/13/2025Actions
Actions

Also available in: Atom PDF