import (
"fmt"
- "strings"
"time"
- "github.com/Unknwon/com"
- "github.com/go-xorm/xorm"
- "gopkg.in/ini.v1"
-
"code.gitea.io/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/process"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/sync"
+ "code.gitea.io/gitea/modules/util"
+
+ "github.com/Unknwon/com"
+ "github.com/go-xorm/xorm"
+ "gopkg.in/ini.v1"
)
// MirrorQueue holds an UniqueQueue object of the mirror
m.NextUpdate = time.Now().Add(m.Interval)
}
+func remoteAddress(repoPath string) (string, error) {
+ cfg, err := ini.Load(GitConfigPath(repoPath))
+ if err != nil {
+ return "", err
+ }
+ return cfg.Section("remote \"origin\"").Key("url").Value(), nil
+}
+
func (m *Mirror) readAddress() {
if len(m.address) > 0 {
return
}
-
- cfg, err := ini.Load(m.Repo.GitConfigPath())
+ var err error
+ m.address, err = remoteAddress(m.Repo.RepoPath())
if err != nil {
- log.Error(4, "Load: %v", err)
- return
+ log.Error(4, "remoteAddress: %v", err)
}
- m.address = cfg.Section("remote \"origin\"").Key("url").Value()
}
-// HandleCloneUserCredentials replaces user credentials from HTTP/HTTPS URL
-// with placeholder <credentials>.
-// It will fail for any other forms of clone addresses.
-func HandleCloneUserCredentials(url string, mosaics bool) string {
- i := strings.Index(url, "@")
- if i == -1 {
- return url
- }
- start := strings.Index(url, "://")
- if start == -1 {
- return url
- }
- if mosaics {
- return url[:start+3] + "<credentials>" + url[i:]
+// sanitizeOutput sanitizes output of a command, replacing occurrences of the
+// repository's remote address with a sanitized version.
+func sanitizeOutput(output, repoPath string) (string, error) {
+ remoteAddr, err := remoteAddress(repoPath)
+ if err != nil {
+ // if we're unable to load the remote address, then we're unable to
+ // sanitize.
+ return "", err
}
- return url[:start+3] + url[i+1:]
+ return util.SanitizeMessage(output, remoteAddr), nil
}
// Address returns mirror address from Git repository config without credentials.
func (m *Mirror) Address() string {
m.readAddress()
- return HandleCloneUserCredentials(m.address, false)
+ return util.SanitizeURLCredentials(m.address, false)
}
// FullAddress returns mirror address from Git repository config.
if _, stderr, err := process.GetManager().ExecDir(
timeout, repoPath, fmt.Sprintf("Mirror.runSync: %s", repoPath),
"git", gitArgs...); err != nil {
- desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, stderr)
+ // sanitize the output, since it may contain the remote address, which may
+ // contain a password
+ message, err := sanitizeOutput(stderr, repoPath)
+ if err != nil {
+ log.Error(4, "sanitizeOutput: %v", err)
+ return false
+ }
+ desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, message)
log.Error(4, desc)
if err = CreateRepositoryNotice(desc); err != nil {
log.Error(4, "CreateRepositoryNotice: %v", err)
if _, stderr, err := process.GetManager().ExecDir(
timeout, wikiPath, fmt.Sprintf("Mirror.runSync: %s", wikiPath),
"git", "remote", "update", "--prune"); err != nil {
- desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, stderr)
+ // sanitize the output, since it may contain the remote address, which may
+ // contain a password
+ message, err := sanitizeOutput(stderr, wikiPath)
+ if err != nil {
+ log.Error(4, "sanitizeOutput: %v", err)
+ return false
+ }
+ desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, message)
log.Error(4, desc)
if err = CreateRepositoryNotice(desc); err != nil {
log.Error(4, "CreateRepositoryNotice: %v", err)
--- /dev/null
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package util
+
+import (
+ "net/url"
+ "strings"
+)
+
+// urlSafeError wraps an error whose message may contain a sensitive URL
+type urlSafeError struct {
+ err error
+ unsanitizedURL string
+}
+
+func (err urlSafeError) Error() string {
+ return SanitizeMessage(err.err.Error(), err.unsanitizedURL)
+}
+
+// URLSanitizedError returns the sanitized version an error whose message may
+// contain a sensitive URL
+func URLSanitizedError(err error, unsanitizedURL string) error {
+ return urlSafeError{err: err, unsanitizedURL: unsanitizedURL}
+}
+
+// SanitizeMessage sanitizes a message which may contains a sensitive URL
+func SanitizeMessage(message, unsanitizedURL string) string {
+ sanitizedURL := SanitizeURLCredentials(unsanitizedURL, true)
+ return strings.Replace(message, unsanitizedURL, sanitizedURL, -1)
+}
+
+// SanitizeURLCredentials sanitizes a url, either removing user credentials
+// or replacing them with a placeholder.
+func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
+ u, err := url.Parse(unsanitizedURL)
+ if err != nil {
+ // don't log the error, since it might contain unsanitized URL.
+ return "(unparsable url)"
+ }
+ if u.User != nil && usePlaceholder {
+ u.User = url.User("<credentials>")
+ } else {
+ u.User = nil
+ }
+ return u.String()
+}
"net/http"
"strings"
- api "code.gitea.io/sdk/gitea"
-
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/routers/api/v1/convert"
+ api "code.gitea.io/sdk/gitea"
)
// Search repositories via options
RemoteAddr: remoteAddr,
})
if err != nil {
+ err = util.URLSanitizedError(err, remoteAddr)
if repo != nil {
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
log.Error(4, "DeleteRepository: %v", errDelete)
}
}
- ctx.Error(500, "MigrateRepository", models.HandleCloneUserCredentials(err.Error(), true))
+ ctx.Error(500, "MigrateRepository", err)
return
}
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
)
const (
return
}
+ // remoteAddr may contain credentials, so we sanitize it
+ err = util.URLSanitizedError(err, remoteAddr)
+
if repo != nil {
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
log.Error(4, "DeleteRepository: %v", errDelete)
if strings.Contains(err.Error(), "Authentication failed") ||
strings.Contains(err.Error(), "could not read Username") {
ctx.Data["Err_Auth"] = true
- ctx.RenderWithErr(ctx.Tr("form.auth_failed", models.HandleCloneUserCredentials(err.Error(), true)), tplMigrate, &form)
+ ctx.RenderWithErr(ctx.Tr("form.auth_failed", err.Error()), tplMigrate, &form)
return
} else if strings.Contains(err.Error(), "fatal:") {
ctx.Data["Err_CloneAddr"] = true
- ctx.RenderWithErr(ctx.Tr("repo.migrate.failed", models.HandleCloneUserCredentials(err.Error(), true)), tplMigrate, &form)
+ ctx.RenderWithErr(ctx.Tr("repo.migrate.failed", err.Error()), tplMigrate, &form)
return
}