Sanitize credentials in mirror form (#9975)
This commit is contained in:
parent
5b17bb8f3d
commit
a67c06ce90
|
@ -197,6 +197,14 @@ type Repository struct {
|
||||||
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SanitizedOriginalURL returns a sanitized OriginalURL
|
||||||
|
func (repo *Repository) SanitizedOriginalURL() string {
|
||||||
|
if repo.OriginalURL == "" {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return util.SanitizeURLCredentials(repo.OriginalURL, false)
|
||||||
|
}
|
||||||
|
|
||||||
// ColorFormat returns a colored string to represent this repo
|
// ColorFormat returns a colored string to represent this repo
|
||||||
func (repo *Repository) ColorFormat(s fmt.State) {
|
func (repo *Repository) ColorFormat(s fmt.State) {
|
||||||
var ownerName interface{}
|
var ownerName interface{}
|
||||||
|
|
|
@ -7,6 +7,8 @@ package util
|
||||||
import (
|
import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"code.gitea.io/gitea/modules/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
// urlSafeError wraps an error whose message may contain a sensitive URL
|
// urlSafeError wraps an error whose message may contain a sensitive URL
|
||||||
|
@ -36,6 +38,7 @@ func SanitizeMessage(message, unsanitizedURL string) string {
|
||||||
func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
|
func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
|
||||||
u, err := url.Parse(unsanitizedURL)
|
u, err := url.Parse(unsanitizedURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Error("parse url %s failed: %v", unsanitizedURL, err)
|
||||||
// don't log the error, since it might contain unsanitized URL.
|
// don't log the error, since it might contain unsanitized URL.
|
||||||
return "(unparsable url)"
|
return "(unparsable url)"
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
// Copyright 2020 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package util
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestSanitizeURLCredentials(t *testing.T) {
|
||||||
|
var kases = map[string]string{
|
||||||
|
"https://github.com/go-gitea/test_repo.git": "https://github.com/go-gitea/test_repo.git",
|
||||||
|
"https://mytoken@github.com/go-gitea/test_repo.git": "https://github.com/go-gitea/test_repo.git",
|
||||||
|
"http://github.com/go-gitea/test_repo.git": "http://github.com/go-gitea/test_repo.git",
|
||||||
|
"/test/repos/repo1": "/test/repos/repo1",
|
||||||
|
"git@github.com:go-gitea/test_repo.git": "(unparsable url)",
|
||||||
|
}
|
||||||
|
|
||||||
|
for source, value := range kases {
|
||||||
|
assert.EqualValues(t, value, SanitizeURLCredentials(source, false))
|
||||||
|
}
|
||||||
|
}
|
|
@ -14,7 +14,7 @@
|
||||||
{{if and .RelAvatarLink .IsPrivate}}<i class="mega-octicon octicon-lock"></i>{{end}}
|
{{if and .RelAvatarLink .IsPrivate}}<i class="mega-octicon octicon-lock"></i>{{end}}
|
||||||
{{if .IsTemplate}}<i class="icon fa-copy"></i>{{end}}
|
{{if .IsTemplate}}<i class="icon fa-copy"></i>{{end}}
|
||||||
{{if .IsArchived}}<i class="archive icon archived-icon"></i>{{end}}
|
{{if .IsArchived}}<i class="archive icon archived-icon"></i>{{end}}
|
||||||
{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{MirrorAddress $.Mirror}}">{{MirrorAddress $.Mirror}}</a></div>{{end}}
|
{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{if .SanitizedOriginalURL}}{{.SanitizedOriginalURL}}{{else}}{{MirrorAddress $.Mirror}}{{end}}">{{if .SanitizedOriginalURL}}{{.SanitizedOriginalURL}}{{else}}{{MirrorAddress $.Mirror}}{{end}}</a></div>{{end}}
|
||||||
{{if .IsFork}}<div class="fork-flag">{{$.i18n.Tr "repo.forked_from"}} <a href="{{.BaseRepo.Link}}">{{SubStr .BaseRepo.RelLink 1 -1}}</a></div>{{end}}
|
{{if .IsFork}}<div class="fork-flag">{{$.i18n.Tr "repo.forked_from"}} <a href="{{.BaseRepo.Link}}">{{SubStr .BaseRepo.RelLink 1 -1}}</a></div>{{end}}
|
||||||
{{if .IsGenerated}}<div class="fork-flag">{{$.i18n.Tr "repo.generated_from"}} <a href="{{.TemplateRepo.Link}}">{{SubStr .TemplateRepo.RelLink 1 -1}}</a></div>{{end}}
|
{{if .IsGenerated}}<div class="fork-flag">{{$.i18n.Tr "repo.generated_from"}} <a href="{{.TemplateRepo.Link}}">{{SubStr .TemplateRepo.RelLink 1 -1}}</a></div>{{end}}
|
||||||
</div>
|
</div>
|
||||||
|
|
Loading…
Reference in New Issue