-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hide sensitive content on admin panel progress monitor #19218
Conversation
Honestly I am suspicious that the correct thing to do here is to simply provide the correct description for these processes. There are only three of them and we should be fine from there on. |
@zeripath To keep the backport simple and avoid conflicts with other The only change should be done in desc := c.desc
if desc == "" {
args := c.args
var argSensitiveUrlIndices []int
for i, arg := range c.args {
if strings.Index(arg, "://") != -1 && strings.IndexByte(arg, '@') != -1 {
argSensitiveUrlIndices = append(argSensitiveUrlIndices, i)
}
}
if len(argSensitiveUrlIndices) > 0 {
args = make([]string, len(c.args))
copy(args, c.args)
for _, urlArgIndex := range argSensitiveUrlIndices {
args[urlArgIndex] = util.NewStringURLSanitizer(args[urlArgIndex], true).Replace(args[urlArgIndex])
}
}
desc = fmt.Sprintf("%s %s [repo_path: %s]", c.name, strings.Join(args, " "), rc.Dir)
} @lunny For 1.16 backport, the code above is enough, that's the minimal change. For 1.17 , I think we can use a more general Why it's faster: it doesn't do the heavy Expand below ⬇️ func SanitizeCredentialURLs(msg string) string {
schemeSepPos := strings.Index(msg, "://")
if schemeSepPos == -1 && strings.IndexByte(msg, '@') == -1 {
return msg // fast return if there is no URL scheme and no userinfo
}
bd := strings.Builder{}
for schemeSepPos != -1 {
schemeSepPos += 3 // skip the "://"
sepAtPos := -1 // the possible '@' position: "https://foo@[^here]host"
sepEndPos := -1 // the possible end position: "The https://host[^here] in log for test"
sepLoop:
for sepEndPos = schemeSepPos; sepEndPos < len(msg); sepEndPos++ {
c := msg[sepEndPos]
if ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') || ('0' <= c && c <= '9') {
continue
}
switch c {
case '@':
sepAtPos = sepEndPos
case '-', '.', '_', ':', '~', '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=', '%':
continue // due to RFC 3986, userinfo can contain - . _ ~ ! $ & ' ( ) * + , ; = : and any percent-encoded chars
default:
break sepLoop
}
}
if sepAtPos != -1 {
bd.WriteString(msg[:schemeSepPos])
bd.WriteString(userPlaceholder)
bd.WriteString(msg[sepAtPos:sepEndPos])
} else {
bd.WriteString(msg[:sepEndPos])
}
msg = msg[sepEndPos:]
schemeSepPos = strings.Index(msg, "://")
}
bd.WriteString(msg)
return bd.String()
}
func TestSanitizeCredentialURLs(t *testing.T) {
cases := []struct {
input string
expected string
}{
{
"https://github.com/go-gitea/test_repo.git",
"https://github.com/go-gitea/test_repo.git",
},
{
"https://[email protected]/go-gitea/test_repo.git",
"https://" + userPlaceholder + "@github.com/go-gitea/test_repo.git",
},
{
"https://user:[email protected]/go-gitea/test_repo.git",
"https://" + userPlaceholder + "@github.com/go-gitea/test_repo.git",
},
{
"URLs in log https://u:b@h and https://u:b@h:80/, with https://h.com and [email protected]",
"URLs in log https://" + userPlaceholder + "@h and https://" + userPlaceholder + "@h:80/, with https://h.com and [email protected]",
},
}
for n, c := range cases {
result := SanitizeCredentialURLs(c.input)
assert.Equal(t, c.expected, result, "case %d: error should match", n)
}
} |
…itive content when generating description automatically
e81accd
to
2dff616
Compare
@wxiaoguang @zeripath both done. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally LGTM.
I still worry that these changes to RunInDir
will conflict with an other PR a a lot, while we might have a chance to avoid these conflicts at the moment. (Just an opinion, either is fine)
- Replace RunInDir with RunWithContext #18978 Replace RunInDir with RunWithContext
@wxiaoguang that sanitizer function looks potentially interesting but I think you could improve further.
|
Signed-off-by: Andrew Thornton <[email protected]>
I've fixed the conflicts and lint. |
I think there's still potential for an argument to be incorrectly assessed as an URL when it is not an URL here - this would then lead to that argument being turned into an unprocessable url - but... this is just a label that is supposed to be helpful to explain what this process is about and some mangling should not be a problem. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just need to adjust the descs. Do not merge yet.
Signed-off-by: Andrew Thornton <[email protected]>
Please send backport |
Sanitize urls within git process descriptions. Co-authored-by: wxiaoguang <[email protected]> Co-authored-by: Andrew Thornton <[email protected]>
…) (#19231) * Hide sensitive content on admin panel progress monitor (#19218) Sanitize urls within git process descriptions. Co-authored-by: wxiaoguang <[email protected]> Co-authored-by: Andrew Thornton <[email protected]> * Do not include global arguments in process manager (#19226) Backport #19226 The git command by default adds a number of global arguments. These are not helpful to be displayed in the process manager and so should be skipped for default process descriptions. Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: wxiaoguang <[email protected]> Co-authored-by: Andrew Thornton <[email protected]>
Most done in |
Sanitize urls within git process descriptions. Co-authored-by: wxiaoguang <[email protected]> Co-authored-by: Andrew Thornton <[email protected]>
No description provided.