* Sanitize logs for mirror sync * Fix error message sanitiziation (#3082)
This commit is contained in:
parent
8f7054a864
commit
ec6718ef40
|
@ -605,9 +605,14 @@ func (repo *Repository) RepoPath() string {
|
||||||
return repo.repoPath(x)
|
return repo.repoPath(x)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GitConfigPath returns the path to a repository's git config/ directory
|
||||||
|
func GitConfigPath(repoPath string) string {
|
||||||
|
return filepath.Join(repoPath, "config")
|
||||||
|
}
|
||||||
|
|
||||||
// GitConfigPath returns the repository git config path
|
// GitConfigPath returns the repository git config path
|
||||||
func (repo *Repository) GitConfigPath() string {
|
func (repo *Repository) GitConfigPath() string {
|
||||||
return filepath.Join(repo.RepoPath(), "config")
|
return GitConfigPath(repo.RepoPath())
|
||||||
}
|
}
|
||||||
|
|
||||||
// RelLink returns the repository relative link
|
// RelLink returns the repository relative link
|
||||||
|
|
|
@ -6,18 +6,18 @@ package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Unknwon/com"
|
|
||||||
"github.com/go-xorm/xorm"
|
|
||||||
"gopkg.in/ini.v1"
|
|
||||||
|
|
||||||
"code.gitea.io/git"
|
"code.gitea.io/git"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/process"
|
"code.gitea.io/gitea/modules/process"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/sync"
|
"code.gitea.io/gitea/modules/sync"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
|
||||||
|
"github.com/Unknwon/com"
|
||||||
|
"github.com/go-xorm/xorm"
|
||||||
|
"gopkg.in/ini.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// MirrorQueue holds an UniqueQueue object of the mirror
|
// MirrorQueue holds an UniqueQueue object of the mirror
|
||||||
|
@ -76,41 +76,41 @@ func (m *Mirror) ScheduleNextUpdate() {
|
||||||
m.NextUpdate = time.Now().Add(m.Interval)
|
m.NextUpdate = time.Now().Add(m.Interval)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func remoteAddress(repoPath string) (string, error) {
|
||||||
|
cfg, err := ini.Load(GitConfigPath(repoPath))
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return cfg.Section("remote \"origin\"").Key("url").Value(), nil
|
||||||
|
}
|
||||||
|
|
||||||
func (m *Mirror) readAddress() {
|
func (m *Mirror) readAddress() {
|
||||||
if len(m.address) > 0 {
|
if len(m.address) > 0 {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
var err error
|
||||||
cfg, err := ini.Load(m.Repo.GitConfigPath())
|
m.address, err = remoteAddress(m.Repo.RepoPath())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(4, "Load: %v", err)
|
log.Error(4, "remoteAddress: %v", err)
|
||||||
return
|
|
||||||
}
|
}
|
||||||
m.address = cfg.Section("remote \"origin\"").Key("url").Value()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// HandleCloneUserCredentials replaces user credentials from HTTP/HTTPS URL
|
// sanitizeOutput sanitizes output of a command, replacing occurrences of the
|
||||||
// with placeholder <credentials>.
|
// repository's remote address with a sanitized version.
|
||||||
// It will fail for any other forms of clone addresses.
|
func sanitizeOutput(output, repoPath string) (string, error) {
|
||||||
func HandleCloneUserCredentials(url string, mosaics bool) string {
|
remoteAddr, err := remoteAddress(repoPath)
|
||||||
i := strings.Index(url, "@")
|
if err != nil {
|
||||||
if i == -1 {
|
// if we're unable to load the remote address, then we're unable to
|
||||||
return url
|
// sanitize.
|
||||||
|
return "", err
|
||||||
}
|
}
|
||||||
start := strings.Index(url, "://")
|
return util.SanitizeMessage(output, remoteAddr), nil
|
||||||
if start == -1 {
|
|
||||||
return url
|
|
||||||
}
|
|
||||||
if mosaics {
|
|
||||||
return url[:start+3] + "<credentials>" + url[i:]
|
|
||||||
}
|
|
||||||
return url[:start+3] + url[i+1:]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Address returns mirror address from Git repository config without credentials.
|
// Address returns mirror address from Git repository config without credentials.
|
||||||
func (m *Mirror) Address() string {
|
func (m *Mirror) Address() string {
|
||||||
m.readAddress()
|
m.readAddress()
|
||||||
return HandleCloneUserCredentials(m.address, false)
|
return util.SanitizeURLCredentials(m.address, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
// FullAddress returns mirror address from Git repository config.
|
// FullAddress returns mirror address from Git repository config.
|
||||||
|
@ -145,7 +145,14 @@ func (m *Mirror) runSync() bool {
|
||||||
if _, stderr, err := process.GetManager().ExecDir(
|
if _, stderr, err := process.GetManager().ExecDir(
|
||||||
timeout, repoPath, fmt.Sprintf("Mirror.runSync: %s", repoPath),
|
timeout, repoPath, fmt.Sprintf("Mirror.runSync: %s", repoPath),
|
||||||
"git", gitArgs...); err != nil {
|
"git", gitArgs...); err != nil {
|
||||||
desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, stderr)
|
// sanitize the output, since it may contain the remote address, which may
|
||||||
|
// contain a password
|
||||||
|
message, err := sanitizeOutput(stderr, repoPath)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(4, "sanitizeOutput: %v", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, message)
|
||||||
log.Error(4, desc)
|
log.Error(4, desc)
|
||||||
if err = CreateRepositoryNotice(desc); err != nil {
|
if err = CreateRepositoryNotice(desc); err != nil {
|
||||||
log.Error(4, "CreateRepositoryNotice: %v", err)
|
log.Error(4, "CreateRepositoryNotice: %v", err)
|
||||||
|
@ -170,7 +177,14 @@ func (m *Mirror) runSync() bool {
|
||||||
if _, stderr, err := process.GetManager().ExecDir(
|
if _, stderr, err := process.GetManager().ExecDir(
|
||||||
timeout, wikiPath, fmt.Sprintf("Mirror.runSync: %s", wikiPath),
|
timeout, wikiPath, fmt.Sprintf("Mirror.runSync: %s", wikiPath),
|
||||||
"git", "remote", "update", "--prune"); err != nil {
|
"git", "remote", "update", "--prune"); err != nil {
|
||||||
desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, stderr)
|
// sanitize the output, since it may contain the remote address, which may
|
||||||
|
// contain a password
|
||||||
|
message, err := sanitizeOutput(stderr, wikiPath)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(4, "sanitizeOutput: %v", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, message)
|
||||||
log.Error(4, desc)
|
log.Error(4, desc)
|
||||||
if err = CreateRepositoryNotice(desc); err != nil {
|
if err = CreateRepositoryNotice(desc); err != nil {
|
||||||
log.Error(4, "CreateRepositoryNotice: %v", err)
|
log.Error(4, "CreateRepositoryNotice: %v", err)
|
||||||
|
|
48
modules/util/sanitize.go
Normal file
48
modules/util/sanitize.go
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
// Copyright 2017 The Gitea Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a MIT-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
package util
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// urlSafeError wraps an error whose message may contain a sensitive URL
|
||||||
|
type urlSafeError struct {
|
||||||
|
err error
|
||||||
|
unsanitizedURL string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (err urlSafeError) Error() string {
|
||||||
|
return SanitizeMessage(err.err.Error(), err.unsanitizedURL)
|
||||||
|
}
|
||||||
|
|
||||||
|
// URLSanitizedError returns the sanitized version an error whose message may
|
||||||
|
// contain a sensitive URL
|
||||||
|
func URLSanitizedError(err error, unsanitizedURL string) error {
|
||||||
|
return urlSafeError{err: err, unsanitizedURL: unsanitizedURL}
|
||||||
|
}
|
||||||
|
|
||||||
|
// SanitizeMessage sanitizes a message which may contains a sensitive URL
|
||||||
|
func SanitizeMessage(message, unsanitizedURL string) string {
|
||||||
|
sanitizedURL := SanitizeURLCredentials(unsanitizedURL, true)
|
||||||
|
return strings.Replace(message, unsanitizedURL, sanitizedURL, -1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SanitizeURLCredentials sanitizes a url, either removing user credentials
|
||||||
|
// or replacing them with a placeholder.
|
||||||
|
func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
|
||||||
|
u, err := url.Parse(unsanitizedURL)
|
||||||
|
if err != nil {
|
||||||
|
// don't log the error, since it might contain unsanitized URL.
|
||||||
|
return "(unparsable url)"
|
||||||
|
}
|
||||||
|
if u.User != nil && usePlaceholder {
|
||||||
|
u.User = url.User("<credentials>")
|
||||||
|
} else {
|
||||||
|
u.User = nil
|
||||||
|
}
|
||||||
|
return u.String()
|
||||||
|
}
|
|
@ -9,8 +9,6 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
api "code.gitea.io/sdk/gitea"
|
|
||||||
|
|
||||||
"code.gitea.io/gitea/models"
|
"code.gitea.io/gitea/models"
|
||||||
"code.gitea.io/gitea/modules/auth"
|
"code.gitea.io/gitea/modules/auth"
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
|
@ -18,6 +16,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/util"
|
"code.gitea.io/gitea/modules/util"
|
||||||
"code.gitea.io/gitea/routers/api/v1/convert"
|
"code.gitea.io/gitea/routers/api/v1/convert"
|
||||||
|
api "code.gitea.io/sdk/gitea"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Search repositories via options
|
// Search repositories via options
|
||||||
|
@ -322,12 +321,13 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
|
||||||
RemoteAddr: remoteAddr,
|
RemoteAddr: remoteAddr,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
err = util.URLSanitizedError(err, remoteAddr)
|
||||||
if repo != nil {
|
if repo != nil {
|
||||||
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
|
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
|
||||||
log.Error(4, "DeleteRepository: %v", errDelete)
|
log.Error(4, "DeleteRepository: %v", errDelete)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ctx.Error(500, "MigrateRepository", models.HandleCloneUserCredentials(err.Error(), true))
|
ctx.Error(500, "MigrateRepository", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -232,6 +233,9 @@ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// remoteAddr may contain credentials, so we sanitize it
|
||||||
|
err = util.URLSanitizedError(err, remoteAddr)
|
||||||
|
|
||||||
if repo != nil {
|
if repo != nil {
|
||||||
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
|
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
|
||||||
log.Error(4, "DeleteRepository: %v", errDelete)
|
log.Error(4, "DeleteRepository: %v", errDelete)
|
||||||
|
@ -241,11 +245,11 @@ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
|
||||||
if strings.Contains(err.Error(), "Authentication failed") ||
|
if strings.Contains(err.Error(), "Authentication failed") ||
|
||||||
strings.Contains(err.Error(), "could not read Username") {
|
strings.Contains(err.Error(), "could not read Username") {
|
||||||
ctx.Data["Err_Auth"] = true
|
ctx.Data["Err_Auth"] = true
|
||||||
ctx.RenderWithErr(ctx.Tr("form.auth_failed", models.HandleCloneUserCredentials(err.Error(), true)), tplMigrate, &form)
|
ctx.RenderWithErr(ctx.Tr("form.auth_failed", err.Error()), tplMigrate, &form)
|
||||||
return
|
return
|
||||||
} else if strings.Contains(err.Error(), "fatal:") {
|
} else if strings.Contains(err.Error(), "fatal:") {
|
||||||
ctx.Data["Err_CloneAddr"] = true
|
ctx.Data["Err_CloneAddr"] = true
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.migrate.failed", models.HandleCloneUserCredentials(err.Error(), true)), tplMigrate, &form)
|
ctx.RenderWithErr(ctx.Tr("repo.migrate.failed", err.Error()), tplMigrate, &form)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user