Faulty svn commandline is generated for passwords containing special chars

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: 1.0
  • Fix Version/s: 1.1
  • Component/s: maven-scm-provider-svn
  • Labels:
    None
  • Environment:
    All
  • Complexity:
    Intermediate
  • Patch Submitted:
    Yes

Description

If i use a svn password containing a semicolon with the maven-scm-provider-svnexe, the commandline generated by SvnCommandlineUtils is faulty, because
the password is not quoted. Passwords containing other special chars might cause problems too.

Solution: Enclosing the password for the commandline in single quotes solves this problem.
I have attached a patch for SvnCommandlineUtils that fixes this issue.

Issue Links

depends upon

Bug - A problem which impairs or prevents the functions of the product. PLXUTILS-78 BourneShell doesn't quote arguments containing ; and &

  • Blocker - Blocks development and/or testing work, production could not run
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.
is duplicated by

Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-1360 Prepended semicolon in svn password does not work

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Rahul Thakur added a comment -

I haven't tried this but shouldn't this be escaped with a backslash '\' character rather than using single quotes.

What happens if the password itself contains a single quote?

Show
Rahul Thakur added a comment - I haven't tried this but shouldn't this be escaped with a backslash '\' character rather than using single quotes. What happens if the password itself contains a single quote?
Hide
Permalink
Michael Koch added a comment -

Single quoting the whole password is easier that checking for special chars and quoting them individually. Nevertheless, as you probably assumed, any single quotes in the password will still need to be quoted.

I guess that this problem also applies to the user name. Perhaps all arguments should be quoted to be on the safe side.

Show
Michael Koch added a comment - Single quoting the whole password is easier that checking for special chars and quoting them individually. Nevertheless, as you probably assumed, any single quotes in the password will still need to be quoted. I guess that this problem also applies to the user name. Perhaps all arguments should be quoted to be on the safe side.
Hide
Permalink
Michael Koch added a comment -

The class org.codehaus.plexus.util.cli.Commandline, which is used by SvnCommandLineUtils, has a method quoteArgument which could be used for this.

Show
Michael Koch added a comment - The class org.codehaus.plexus.util.cli.Commandline, which is used by SvnCommandLineUtils, has a method quoteArgument which could be used for this.
Hide
Permalink
Olivier Lamy added a comment -

fixed in p-u, look PLXUTILS-78
Upgrade to last p-u in rev 667245

Show
Olivier Lamy added a comment - fixed in p-u, look PLXUTILS-78 Upgrade to last p-u in rev 667245
Hide
Permalink
Olivier Lamy added a comment -

Upgrade to last p-u fix the issue (tested on solaris env)

Show
Olivier Lamy added a comment - Upgrade to last p-u fix the issue (tested on solaris env)

People

  • Assignee:
    Olivier Lamy
    Reporter:
    Jan Lisse
Vote (2)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved: