From 9b588b2bdfc93d5cb0fe0c1753971e987addf68a Mon Sep 17 00:00:00 2001
From: Alex Turbov <i.zaufi@gmail.com>
Date: Wed, 13 Jul 2016 18:23:29 +0300
Subject: ExternalData: Hide security-sensitive details from output

Do not disclose credentials when printing URIs used to fetch external resources.
---
 Modules/ExternalData.cmake | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Modules/ExternalData.cmake b/Modules/ExternalData.cmake
index a3f460d..02d2b15 100644
--- a/Modules/ExternalData.cmake
+++ b/Modules/ExternalData.cmake
@@ -971,7 +971,8 @@ function(_ExternalData_download_object name hash algo var_obj)
         set(url "${lhs}${algo}${rhs}")
       endif()
     endif()
-    message(STATUS "Fetching \"${url}\"")
+    string(REGEX REPLACE "((https?|ftp)://)([^@]+@)?(.*)" "\\1\\4" secured_url "${url}")
+    message(STATUS "Fetching \"${secured_url}\"")
     if(url MATCHES "^ExternalDataCustomScript://([A-Za-z_][A-Za-z0-9_]*)/(.*)$")
       _ExternalData_custom_fetch("${CMAKE_MATCH_1}" "${CMAKE_MATCH_2}" "${tmp}" err errMsg)
     else()
-- 
cgit v0.12