Security: GitHub token embedded in clone URL may leak credentials#340
Conversation
The repository cloning logic constructs an HTTPS URL containing the raw GitHub token (`https://<token>@github.com/...`). Tokens embedded in URLs can leak through process listings, crash logs, shell history, proxy logs, or be persisted in `.git/config` as the remote origin URL. Affected files: file_management.py Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
|
Thanks for flagging this. I agree that embedding the GitHub token in the clone URL is not ideal, especially because it can be persisted into the cloned repository's remote URL or appear in logs/errors. I do not think this PR is ready to merge in its current form, though:
After those points are addressed, this should be much safer to review again. |
Problem
The repository cloning logic constructs an HTTPS URL containing the raw GitHub token (
https://<token>@github.com/...). Tokens embedded in URLs can leak through process listings, crash logs, shell history, proxy logs, or be persisted in.git/configas the remote origin URL.Severity:
highFile:
evaluation/utils/file_management.pySolution
Avoid embedding credentials in URLs. Use Git credential helpers,
GIT_ASKPASS, or authenticated headers/SSH deploy keys. If HTTPS tokens must be used, ensure they are not persisted in remotes and scrub/redact them from all logs.Changes
evaluation/utils/file_management.py(modified)Testing