From 8dd939bb2787ad3151cbf3345b30732477987353 Mon Sep 17 00:00:00 2001
From: Christian Stenger
Date: Fri, 11 Nov 2022 14:54:32 +0100
Subject: [PATCH] Vcs: Do not expose passwords to the output windows

Partially reverts bbde6ac9bf1ac3cee0d87ff526783fd9a50c91a7 and 3be9f52980c11ee89dfe3cd9c8fdcdbe01180188.

Fixes: QTCREATORBUG-28413
Change-Id: Iccfb787a5261f3963e862554fa266d62ac49ca50
Reviewed-by: Orgad Shaneh
Reviewed-by: hjk
---
 src/plugins/vcsbase/vcsoutputwindow.cpp | 31 +++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/src/plugins/vcsbase/vcsoutputwindow.cpp b/src/plugins/vcsbase/vcsoutputwindow.cpp
index e0c7c3b5568..aa2df5981a9 100644
--- a/src/plugins/vcsbase/vcsoutputwindow.cpp
+++ b/src/plugins/vcsbase/vcsoutputwindow.cpp
@@ -414,11 +414,38 @@ void VcsOutputWindow::appendWarning(const QString &text)
 append(text + '\n', Warning, false);
 }
 
+// Helper to format arguments for log windows hiding common password options.
+static inline QString formatArguments(const QStringList &args)
+{
+ const char passwordOptionC[] = "--password";
+ QString rc;
+ QTextStream str(&rc);
+ const int size = args.size();
+ // Skip authentication options
+ for (int i = 0; i < size; i++) {
+ const QString arg = filterPasswordFromUrls(args.at(i));
+ if (i)
+ str << ' ';
+ if (arg.startsWith(QString::fromLatin1(passwordOptionC) + '=')) {
+ str << ProcessArgs::quoteArg("--password=********");
+ continue;
+ }
+ str << ProcessArgs::quoteArg(arg);
+ if (arg == passwordOptionC) {
+ str << ' ' << ProcessArgs::quoteArg("********");
+ i++;
+ }
+ }
+ return rc;
+}
+
 QString VcsOutputWindow::msgExecutionLogEntry(const FilePath &workingDir, const CommandLine &command)
 {
+ const QString maskedCmdline = ProcessArgs::quoteArg(command.executable().toUserOutput())
+ + ' ' + formatArguments(command.splitArguments());
 if (workingDir.isEmpty())
- return tr("Running: %1").arg(command.toUserOutput()) + '\n';
- return tr("Running in %1: %2").arg(workingDir.toUserOutput(), command.toUserOutput()) + '\n';
+ return tr("Running: %1").arg(maskedCmdline) + '\n';
+ return tr("Running in %1: %2").arg(workingDir.toUserOutput(), maskedCmdline) + '\n';
 }
 
 void VcsOutputWindow::appendShellCommandLine(const QString &text)
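Review bot: The masking in `formatArguments` recognises only the exact spellings `--password <value>` and `--password=<value>` (plus whatever `filterPasswordFromUrls` strips from URLs), so a secret passed through any other option or as a positional argument is still written to the output pane by `msgExecutionLogEntry`. The inner comment `// Skip authentication options` overstates this; I would replace it with `// Masks only "--password <value>" and "--password=<value>"; any other secret-bearing argument is logged verbatim.` so callers do not treat the helper as a general redactor. If the VCS plugins that reach this path accept other credential options (not visible in this hunk), the single `passwordOptionC` constant should become a short list checked in the same loop. A unit test covering both spellings and a trailing `--password` with no value would pin the redaction, since the commit message suggests it was lost in earlier changes.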