Redact index sources in uv.lock
charliermarsh committed Oct 18, 2024
1 parent e3e1403 commit 341c7dd
Showing 3 changed files with 48 additions and 40 deletions.
84 changes: 46 additions & 38 deletions crates/uv-pypi-types/src/requirement.rs
@@ -70,42 +70,42 @@ impl Requirement {
self.source.is_editable()
}

/// Remove any sensitive credentials from the requirement.
#[must_use]
pub fn redact(self) -> Requirement {
match self.source {
RequirementSource::Git {
mut repository,
reference,
precise,
subdirectory,
url,
} => {
// Redact the repository URL, but allow `git@`.
redact_credentials(&mut repository);

// Redact the PEP 508 URL.
let mut url = url.to_url();
redact_credentials(&mut url);
let url = VerbatimUrl::from_url(url);

Self {
name: self.name,
extras: self.extras,
marker: self.marker,
source: RequirementSource::Git {
repository,
reference,
precise,
subdirectory,
url,
},
origin: self.origin,
}
}
_ => self,
}
}
// /// Remove any sensitive credentials from the requirement.
// #[must_use]
// pub fn redact(self) -> Requirement {
// match self.source {
// RequirementSource::Git {
// mut repository,
// reference,
// precise,
// subdirectory,
// url,
// } => {
// // Redact the repository URL, but allow `git@`.
// redact_credentials(&mut repository);
//
// // Redact the PEP 508 URL.
// let mut url = url.to_url();
// redact_credentials(&mut url);
// let url = VerbatimUrl::from_url(url);
//
// Self {
// name: self.name,
// extras: self.extras,
// marker: self.marker,
// source: RequirementSource::Git {
// repository,
// reference,
// precise,
// subdirectory,
// url,
// },
// origin: self.origin,
// }
// }
// _ => self,
// }
// }

/// Convert the requirement to a [`Requirement`] relative to the given path.
pub fn relative_to(self, path: &Path) -> Result<Self, io::Error> {
@@ -614,7 +614,15 @@ enum RequirementSourceWire {
impl From<RequirementSource> for RequirementSourceWire {
fn from(value: RequirementSource) -> Self {
match value {
RequirementSource::Registry { specifier, index } => Self::Registry { specifier, index },
RequirementSource::Registry {
specifier,
mut index,
} => {
if let Some(index) = index.as_mut() {
redact_credentials(index);
}
Self::Registry { specifier, index }
}
RequirementSource::Url {
subdirectory,
location,
@@ -625,7 +633,7 @@ impl From<RequirementSource> for RequirementSourceWire {
subdirectory: subdirectory
.as_deref()
.and_then(Path::to_str)
.map(str::to_string),
.map(ToString::to_string),
},
RequirementSource::Git {
repository,
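Review bot: `Requirement::redact` is commented out in the first hunk rather than deleted, which leaves 36 lines of dead code and no visible replacement for the credential stripping it performed on the Git `repository` and PEP 508 `url` fields. Within the visible lines, the new redaction in `From<RequirementSource> for RequirementSourceWire` covers only the `Registry` arm's `index`; the `Url` and `Git` arms continue outside the hunks, so whether they still strip userinfo before serialization cannot be confirmed from here. I would delete the commented block outright and, if the `Git` arm does not already do so, bind `mut repository` there and call `redact_credentials(&mut repository);` before building the wire value. A short comment on the `Registry` arm such as `// Credentials must never be written to uv.lock; strip userinfo before serializing.` would record why the conversion mutates its input, and a lock test with a Git source carrying userinfo would sit naturally beside `lock_redact_index_sources`.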
2 changes: 1 addition & 1 deletion crates/uv/tests/it/lock.rs
@@ -6501,7 +6501,7 @@ fn lock_redact_index_sources() -> Result<()> {
]

[package.metadata]
requires-dist = [{ name = "iniconfig", specifier = ">=2", index = "https://public:heron@pypi-proxy.fly.dev/basic-auth/simple" }]
requires-dist = [{ name = "iniconfig", specifier = ">=2", index = "https://pypi-proxy.fly.dev/basic-auth/simple" }]

[[package]]
name = "iniconfig"
2 changes: 1 addition & 1 deletion docs/configuration/indexes.md
@@ -150,7 +150,7 @@ Alternatively, credentials can be embedded directly in the index definition:
```toml
[[tool.uv.index]]
name = "internal"
url = "https://public:koala@https://pypi-proxy.corp.dev/simple"
url = "https://public:koala@pypi-proxy.corp.dev/simple"
```

For security purposes, credentials are _never_ stored in the `uv.lock` file; as such, uv _must_ have
