Wavyzz/python-github-backup
2
0
Fork 0
mirror of https://github.com/josegonzalez/python-github-backup.git synced 2025-12-05 16:18:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Public repos no longer include the auth token

Browse Source 
When backing up repositories using an auth token and https, the GitHub personal auth token is leaked in each backed up repository. It is included in the URL of each repository's git remote url.

This is not needed as they are public and can be accessed without the token and can cause issues in the future if the token is ever changed, so I think it makes more sense not to have the token stored in each repo backup. I think the token should only be "leaked" like this out of necessity, e.g. it's a private repository and the --prefer-ssh option was not chosen so https with auth token was required to perform the clone.
This commit is contained in:
Ben Baron
2020-01-06 21:25:54 -05:00
parent 252c25461f
commit e8a255b450
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/github-backup
View File

@@ -394,7 +394,7 @@ def get_github_repo_url(args, repository):
return repository['ssh_url'] return repository['ssh_url']
auth = get_auth(args, False) auth = get_auth(args, False)
if auth: if auth and repository['private'] == True:
repo_url = 'https://{0}@{1}/{2}/{3}.git'.format( repo_url = 'https://{0}@{1}/{2}/{3}.git'.format(
auth, auth,
get_github_host(args), get_github_host(args),