coverity: don't leak the tokens in build logs

Change-Id: I560f411beaca31bf2001e92a5baaa0c53dc9ce27
author: Neels Hofmeyr <nhofmeyr@sysmocom.de> 2016-10-01 02:08:36 +0200
committer: Neels Hofmeyr <nhofmeyr@sysmocom.de> 2016-10-01 02:08:36 +0200
commit: 7c274bc113b77973bac2f73eb876b86af9059fb6 (patch)
tree: b71df02a6fa36046c0b6740c88541b16a2ad818f
parent: b497b36543d2ed0fd0266cf42f8e4a908ee3ed10 (diff)
1 files changed, 18 insertions, 5 deletions
diff --git a/coverity/coverity_Osmocom.sh b/coverity/coverity_Osmocom.sh
index e835f18..a19acb3 100755
--- a/coverity/coverity_Osmocom.sh
+++ b/coverity/coverity_Osmocom.sh
@@ -15,8 +15,21 @@ cd "$src_dir"
 rm -f Osmocom.tgz
 tar czf Osmocom.tgz cov-int
 
-curl \
-	--form token="$($base_dir/get_token.sh $base_dir/tokens.txt Osmocom)" \
-	--form email=holger@freyther.de --form file=@Osmocom.tgz \
-	--form version=Version --form description=AutoUpload \
-	https://scan.coverity.com/builds?project=Osmocom
+# Don't leak the token to jenkins build logs, but still log the call:
+# First compose the call to echo, then run with token inserted by 'eval'.
+set +x
+
+curl_cmd='curl \
+ --form token="$token" \
+ --form email=holger@freyther.de --form file=@Osmocom.tgz \
+ --form version=Version --form description=AutoUpload \
+ https://scan.coverity.com/builds?project=Osmocom'
+echo "$curl_cmd"
+
+token="$($base_dir/get_token.sh $base_dir/tokens.txt Osmocom)"
+if [ -z "$token" ]; then
+  echo "TOKEN IS EMPTY"
+  exit 1
+fi
+
+eval "$curl_cmd"
author	Neels Hofmeyr <nhofmeyr@sysmocom.de>	2016-10-01 02:08:36 +0200
committer	Neels Hofmeyr <nhofmeyr@sysmocom.de>	2016-10-01 02:08:36 +0200
commit	7c274bc113b77973bac2f73eb876b86af9059fb6 (patch)
tree	b71df02a6fa36046c0b6740c88541b16a2ad818f
parent	b497b36543d2ed0fd0266cf42f8e4a908ee3ed10 (diff)