diff options
author | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2016-10-01 02:08:36 +0200 |
---|---|---|
committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2016-10-01 02:08:36 +0200 |
commit | 7c274bc113b77973bac2f73eb876b86af9059fb6 (patch) | |
tree | b71df02a6fa36046c0b6740c88541b16a2ad818f | |
parent | b497b36543d2ed0fd0266cf42f8e4a908ee3ed10 (diff) |
coverity: don't leak the tokens in build logs
Change-Id: I560f411beaca31bf2001e92a5baaa0c53dc9ce27
-rwxr-xr-x | coverity/coverity_Osmocom.sh | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/coverity/coverity_Osmocom.sh b/coverity/coverity_Osmocom.sh index e835f18..a19acb3 100755 --- a/coverity/coverity_Osmocom.sh +++ b/coverity/coverity_Osmocom.sh @@ -15,8 +15,21 @@ cd "$src_dir" rm -f Osmocom.tgz tar czf Osmocom.tgz cov-int -curl \ - --form token="$($base_dir/get_token.sh $base_dir/tokens.txt Osmocom)" \ - --form email=holger@freyther.de --form file=@Osmocom.tgz \ - --form version=Version --form description=AutoUpload \ - https://scan.coverity.com/builds?project=Osmocom +# Don't leak the token to jenkins build logs, but still log the call: +# First compose the call to echo, then run with token inserted by 'eval'. +set +x + +curl_cmd='curl \ + --form token="$token" \ + --form email=holger@freyther.de --form file=@Osmocom.tgz \ + --form version=Version --form description=AutoUpload \ + https://scan.coverity.com/builds?project=Osmocom' +echo "$curl_cmd" + +token="$($base_dir/get_token.sh $base_dir/tokens.txt Osmocom)" +if [ -z "$token" ]; then + echo "TOKEN IS EMPTY" + exit 1 +fi + +eval "$curl_cmd" |