Sanitize credentials in mirror form (#9975)

2 files changed, 28 insertions, 0 deletions

diff --git a/modules/util/sanitize.go b/modules/util/sanitize.go
index b1c17b29cf..d04e1dee77 100644
--- a/modules/util/sanitize.go
+++ b/modules/util/sanitize.go
@@ -7,6 +7,8 @@ package util
 import (
 	"net/url"
 	"strings"
+
+	"code.gitea.io/gitea/modules/log"
 )
 
 // urlSafeError wraps an error whose message may contain a sensitive URL
@@ -36,6 +38,7 @@ func SanitizeMessage(message, unsanitizedURL string) string {
 func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
 	u, err := url.Parse(unsanitizedURL)
 	if err != nil {
+		log.Error("parse url %s failed: %v", unsanitizedURL, err)
 		// don't log the error, since it might contain unsanitized URL.
 		return "(unparsable url)"
 	}
diff --git a/modules/util/sanitize_test.go b/modules/util/sanitize_test.go
new file mode 100644
index 0000000000..4f07100675
--- /dev/null
+++ b/modules/util/sanitize_test.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package util
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSanitizeURLCredentials(t *testing.T) {
+	var kases = map[string]string{
+		"https://github.com/go-gitea/test_repo.git":         "https://github.com/go-gitea/test_repo.git",
+		"https://mytoken@github.com/go-gitea/test_repo.git": "https://github.com/go-gitea/test_repo.git",
+		"http://github.com/go-gitea/test_repo.git":          "http://github.com/go-gitea/test_repo.git",
+		"/test/repos/repo1":                                 "/test/repos/repo1",
+		"git@github.com:go-gitea/test_repo.git":             "(unparsable url)",
+	}
+
+	for source, value := range kases {
+		assert.EqualValues(t, value, SanitizeURLCredentials(source, false))
+	}
+}