From 8da046e4e982b7a8c01b038b19242dc339847cd8 Mon Sep 17 00:00:00 2001
From: Stephan Vock <stephan.vock@gmail.com>
Date: Sun, 23 Jun 2019 18:59:36 +0100
Subject: [PATCH] SVN: hide passwords for debug output

---
 src/Composer/Util/ProcessExecutor.php         |  1 +
 .../Test/Util/ProcessExecutorTest.php         | 20 ++++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/Composer/Util/ProcessExecutor.php b/src/Composer/Util/ProcessExecutor.php
index f5e1ef610..d72a02981 100644
--- a/src/Composer/Util/ProcessExecutor.php
+++ b/src/Composer/Util/ProcessExecutor.php
@@ -51,6 +51,7 @@ class ProcessExecutor
 
                 return '://'.$m['user'].':***@';
             }, $command);
+            $safeCommand = preg_replace("{--password (.*[^\\\\]\') }", '--password \'***\' ', $safeCommand);
             $this->io->writeError('Executing command ('.($cwd ?: 'CWD').'): '.$safeCommand);
         }
 
diff --git a/tests/Composer/Test/Util/ProcessExecutorTest.php b/tests/Composer/Test/Util/ProcessExecutorTest.php
index e98898417..db16b8c02 100644
--- a/tests/Composer/Test/Util/ProcessExecutorTest.php
+++ b/tests/Composer/Test/Util/ProcessExecutorTest.php
@@ -61,11 +61,25 @@ class ProcessExecutorTest extends TestCase
         ProcessExecutor::setTimeout(60);
     }
 
-    public function testHidePasswords()
+    /**
+     * @dataProvider hidePasswordProvider
+     */
+    public function testHidePasswords($command, $expectedCommandOutput)
     {
         $process = new ProcessExecutor($buffer = new BufferIO('', StreamOutput::VERBOSITY_DEBUG));
-        $process->execute('echo https://foo:bar@example.org/ && echo http://foo@example.org && echo http://abcdef1234567890234578:x-oauth-token@github.com/', $output);
-        $this->assertEquals('Executing command (CWD): echo https://foo:***@example.org/ && echo http://foo@example.org && echo http://***:***@github.com/', trim($buffer->getOutput()));
+        $process->execute($command, $output);
+        $this->assertEquals('Executing command (CWD): ' . $expectedCommandOutput, trim($buffer->getOutput()));
+    }
+
+    public function hidePasswordProvider()
+    {
+        return array(
+            array('echo https://foo:bar@example.org/', 'echo https://foo:***@example.org/'),
+            array('echo http://foo@example.org', 'echo http://foo@example.org'),
+            array('echo http://abcdef1234567890234578:x-oauth-token@github.com/', 'echo http://***:***@github.com/'),
+            array("svn ls --verbose --non-interactive  --username 'foo' --password 'bar'  'https://foo.example.org/svn/'", "svn ls --verbose --non-interactive  --username 'foo' --password '***'  'https://foo.example.org/svn/'"),
+            array("svn ls --verbose --non-interactive  --username 'foo' --password 'bar \'bar'  'https://foo.example.org/svn/'", "svn ls --verbose --non-interactive  --username 'foo' --password '***'  'https://foo.example.org/svn/'"),
+        );
     }
 
     public function testDoesntHidePorts()