fix(wincred): Use UTF-16 encoding for passwords (carry 335)#427
Draft
thaJeztah wants to merge 4 commits intodocker:mainfrom
Draft
fix(wincred): Use UTF-16 encoding for passwords (carry 335)#427thaJeztah wants to merge 4 commits intodocker:mainfrom
thaJeztah wants to merge 4 commits intodocker:mainfrom
Conversation
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
thaJeztah
commented
Apr 20, 2026
Comment on lines
+34
to
+37
| if err != nil { | ||
| fmt.Println(err) | ||
| os.Exit(1) | ||
| } |
Member
Author
There was a problem hiding this comment.
changed this to an error return instead
thaJeztah
force-pushed
the
carry_335
branch
3 times, most recently
from
2b9c650 to
9d79315
Compare
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change adds UTF-16 encoding to the Windows credential helper. As recommended by the author of the wincred library, the password should be encoded to allow other applications to use the same password. This is especially needed when the docker image repository is hosted on a JFrog Artifactory, that also hosts Python repositories. Because nobody wants to store their credentials in as plain test within the _pip.ini_, they're going to enable the keyring support for pip, which in turn uses the Win32API that assumes that the password is a UTF-16 encoded string. Since this is not the case pip will crash with an encoding error. Signed-off-by: Philipp Krüger <github.khab3@passinbox.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
As older versions of the credential helper would store creds as raw bytes, we must expect the value to be a raw byte, not UTF-16LE encoded. Try decoding the value and check if it round-trips correctly to make sure we're actually dealing with UTF-16LE encoded creds. We should also consider setting a custom "encoding" attribute instead to detect what encoding was used to store the value. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change adds UTF-16 encoding to the Windows credential helper.
As recommended by the author of the wincred library, the password should be encoded to allow other applications to use the same password.
This is especially needed when the docker image repository is hosted on a JFrog Artifactory, that also hosts Python repositories. Because nobody wants to store their credentials in as plain test within the pip.ini, they're going to enable the keyring support for pip, which in turn uses the Win32API that assumes that the password is a UTF-16 encoded string. Since this is not the case pip will crash with an encoding error.
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)