Add SafeURL helper method to GitRemoteConfig

During the development of the (secure) Git HTTPS credential feature, I did not take the response of the `GitRepoConfig` API method into account. As a direct result, the `fluxctl sync` command still exposes the full Git URL in the logs. This commit adds (and implements) a helper method `SafeURL` to `GitRemoteConfig`, which makes it possible to print the URL without leaking any sensitive data.
fluxcd · Oct 24, 2019 · 0060275 · 0060275
1 parent 874f1e9
commit 0060275
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/cmd/fluxctl/sync_cmd.go b/cmd/fluxctl/sync_cmd.go
@@ -46,10 +46,10 @@ func (opts *syncOpts) RunE(cmd *cobra.Command, args []string) error {
 	case git.RepoReady:
 		break
 	default:
-		return fmt.Errorf("git repository %s is not ready to sync (status: %s)", gitConfig.Remote.URL, string(gitConfig.Status))
+		return fmt.Errorf("git repository %s is not ready to sync (status: %s)", gitConfig.Remote.SafeURL(), string(gitConfig.Status))
 	}
 
-	fmt.Fprintf(cmd.OutOrStderr(), "Synchronizing with %s\n", gitConfig.Remote.URL)
+	fmt.Fprintf(cmd.OutOrStderr(), "Synchronizing with %s\n", gitConfig.Remote.SafeURL())
 
 	updateSpec := update.Spec{
 		Type: update.Sync,

diff --git a/pkg/api/v6/api.go b/pkg/api/v6/api.go
@@ -2,6 +2,10 @@ package v6
 
 import (
 	"context"
+	"fmt"
+	"net/url"
+
+	giturls "github.com/whilp/git-urls"
 
 	"github.com/fluxcd/flux/pkg/cluster"
 	"github.com/fluxcd/flux/pkg/git"
@@ -54,6 +58,17 @@ type GitRemoteConfig struct {
 	Path   string `json:"path"`
 }
 
+func (c GitRemoteConfig) SafeURL() string {
+	u, err := giturls.Parse(c.URL)
+	if err != nil {
+		return fmt.Sprintf("<unparseable: %s>", c.URL)
+	}
+	if u.User != nil {
+		u.User = url.User(u.User.Username())
+	}
+	return u.String()
+}
+
 type GitConfig struct {
 	Remote       GitRemoteConfig   `json:"remote"`
 	PublicSSHKey ssh.PublicKey     `json:"publicSSHKey"`