我正在做一个旧的本地repo,这是我在不太了解安全/git时创建的。我提交了包含密码的文件。我已经在源代码中纠正了这一点,并更新了.gitignore,现在我想从git历史中清除敏感字符串。我不想影响当前文件,或删除历史记录,只是用***REMOVED***
替换字符串。根据其他答案,我尝试了以下方法:
git filter-repo --replace-text replace.txt
使用replace.txt
regex:$password = ["'].*?["']==>$password = "***REMOVED***"
regex:$servername = ["'].*?["']==>$servername = "***REMOVED***"
regex:$username = ["'].*?["']==>$username = "***REMOVED***"
regex:$dbname = ["'].*?["']==>$dbname = "***REMOVED***";
regex:$host = ["'].*?["']==>$host = "***REMOVED***"
regex:$db_name = ["'].*?["']==>$db_name = "***REMOVED***";
regex:$smtp_server = ["'].*?["']==>$smtp_server = "***REMOVED***";
regex:$smtp_user = ["'].*?["']==>$smtp_user = "***REMOVED***"
regex:$smtp_pw = ["'].*?["']==>$smtp_pw = "***REMOVED***";
(我也尝试过它只是字符串字面值,以防它是一个正则表达式问题)
输出
Parsed 90 commits
New history written in 4.71 seconds; now repacking/cleaning...
Repacking your repo and cleaning out old unneeded objects
HEAD is now at xxx
Enumerating objects: 2299, done.
Counting objects: 100% (2299/2299), done.
Delta compression using up to 4 threads
Compressing objects: 100% (719/719), done.
Writing objects: 100% (2299/2299), done.
Total 2299 (delta 1579), reused 2283 (delta 1563), pack-reused 0
Completely finished after 6.87 seconds.
但是这并没有改变任何东西——我仍然可以在git历史记录中看到字符串,并且正在运行git log -S <one of the passwords>
似乎证实了这一点。
我做错了什么?
答案- replace.txt必须是UTF-8
由于某些原因,replace.txt是UTF-16编码,更改为UTF-8已经修复了这个问题