diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2022-03-27 19:54:09 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-27 12:54:09 +0100 |
| commit | c29fbc6d2316b8b42b37c3b379eb2297f7a93aeb (patch) | |
| tree | 4583000b6e93fd6481bd013011cd58e3272aefad /services | |
| parent | 41b60d94db2b51ec4554b09e51ec6523e5cdfea4 (diff) | |
| download | gitea-c29fbc6d2316b8b42b37c3b379eb2297f7a93aeb.tar.gz gitea-c29fbc6d2316b8b42b37c3b379eb2297f7a93aeb.zip | |
Hide sensitive content on admin panel progress monitor (#19218)
Sanitize urls within git process descriptions.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'services')
| -rw-r--r-- | services/mirror/mirror_pull.go | 16 | ||||
| -rw-r--r-- | services/mirror/mirror_push.go | 9 |
2 files changed, 22 insertions, 3 deletions
diff --git a/services/mirror/mirror_pull.go b/services/mirror/mirror_pull.go index 979ef7f03c..d032a932cf 100644 --- a/services/mirror/mirror_pull.go +++ b/services/mirror/mirror_pull.go @@ -38,7 +38,13 @@ func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error return err } - _, err = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", addr).RunInDir(repoPath) + cmd := git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", addr) + if strings.Contains(addr, "://") && strings.Contains(addr, "@") { + cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, util.NewStringURLSanitizer(addr, true).Replace(addr), repoPath)) + } else { + cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, addr, repoPath)) + } + _, err = cmd.RunInDir(repoPath) if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") { return err } @@ -52,7 +58,13 @@ func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error return err } - _, err = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", wikiRemotePath).RunInDir(wikiPath) + cmd = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", wikiRemotePath) + if strings.Contains(wikiRemotePath, "://") && strings.Contains(wikiRemotePath, "@") { + cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, util.NewStringURLSanitizer(wikiRemotePath, true).Replace(wikiRemotePath), wikiPath)) + } else { + cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, wikiRemotePath, wikiPath)) + } + _, err = cmd.RunInDir(wikiPath) if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") { return err } diff --git a/services/mirror/mirror_push.go b/services/mirror/mirror_push.go index cff53ba8d0..b619f9ab32 100644 --- a/services/mirror/mirror_push.go +++ b/services/mirror/mirror_push.go @@ -10,6 +10,7 @@ import ( "fmt" "io" "regexp" + "strings" "time" repo_model "code.gitea.io/gitea/models/repo" @@ -28,7 +29,13 @@ var stripExitStatus = regexp.MustCompile(`exit status \d+ - `) // AddPushMirrorRemote registers the push mirror remote. func AddPushMirrorRemote(ctx context.Context, m *repo_model.PushMirror, addr string) error { addRemoteAndConfig := func(addr, path string) error { - if _, err := git.NewCommand(ctx, "remote", "add", "--mirror=push", m.RemoteName, addr).RunInDir(path); err != nil { + cmd := git.NewCommand(ctx, "remote", "add", "--mirror=push", m.RemoteName, addr) + if strings.Contains(addr, "://") && strings.Contains(addr, "@") { + cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=push %s [repo_path: %s]", m.RemoteName, util.NewStringURLSanitizer(addr, true).Replace(addr), path)) + } else { + cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=push %s [repo_path: %s]", m.RemoteName, addr, path)) + } + if _, err := cmd.RunInDir(path); err != nil { return err } if _, err := git.NewCommand(ctx, "config", "--add", "remote."+m.RemoteName+".push", "+refs/heads/*:refs/heads/*").RunInDir(path); err != nil { |