Browse Source

Sanitize logs for mirror sync (#3057)

Ethan Koenig 2 years ago
parent
commit
a0964775ab
2 changed files with 46 additions and 8 deletions
  1. 6 1
      models/repo.go
  2. 40 7
      models/repo_mirror.go

+ 6 - 1
models/repo.go

@@ -605,9 +605,14 @@ func (repo *Repository) RepoPath() string {
605 605
 	return repo.repoPath(x)
606 606
 }
607 607
 
608
+// GitConfigPath returns the path to a repository's git config/ directory
609
+func GitConfigPath(repoPath string) string {
610
+	return filepath.Join(repoPath, "config")
611
+}
612
+
608 613
 // GitConfigPath returns the repository git config path
609 614
 func (repo *Repository) GitConfigPath() string {
610
-	return filepath.Join(repo.RepoPath(), "config")
615
+	return GitConfigPath(repo.RepoPath())
611 616
 }
612 617
 
613 618
 // RelLink returns the repository relative link

+ 40 - 7
models/repo_mirror.go

@@ -76,17 +76,23 @@ func (m *Mirror) ScheduleNextUpdate() {
76 76
 	m.NextUpdate = time.Now().Add(m.Interval)
77 77
 }
78 78
 
79
+func remoteAddress(repoPath string) (string, error) {
80
+	cfg, err := ini.Load(GitConfigPath(repoPath))
81
+	if err != nil {
82
+		return "", err
83
+	}
84
+	return cfg.Section("remote \"origin\"").Key("url").Value(), nil
85
+}
86
+
79 87
 func (m *Mirror) readAddress() {
80 88
 	if len(m.address) > 0 {
81 89
 		return
82 90
 	}
83
-
84
-	cfg, err := ini.Load(m.Repo.GitConfigPath())
91
+	var err error
92
+	m.address, err = remoteAddress(m.Repo.RepoPath())
85 93
 	if err != nil {
86
-		log.Error(4, "Load: %v", err)
87
-		return
94
+		log.Error(4, "remoteAddress: %v", err)
88 95
 	}
89
-	m.address = cfg.Section("remote \"origin\"").Key("url").Value()
90 96
 }
91 97
 
92 98
 // HandleCloneUserCredentials replaces user credentials from HTTP/HTTPS URL
@@ -107,6 +113,19 @@ func HandleCloneUserCredentials(url string, mosaics bool) string {
107 113
 	return url[:start+3] + url[i+1:]
108 114
 }
109 115
 
116
+// sanitizeOutput sanitizes output of a command, replacing occurrences of the
117
+// repository's remote address with a sanitized version.
118
+func sanitizeOutput(output, repoPath string) (string, error) {
119
+	remoteAddr, err := remoteAddress(repoPath)
120
+	if err != nil {
121
+		// if we're unable to load the remote address, then we're unable to
122
+		// sanitize.
123
+		return "", err
124
+	}
125
+	sanitized := HandleCloneUserCredentials(remoteAddr, true)
126
+	return strings.Replace(output, remoteAddr, sanitized, -1), nil
127
+}
128
+
110 129
 // Address returns mirror address from Git repository config without credentials.
111 130
 func (m *Mirror) Address() string {
112 131
 	m.readAddress()
@@ -145,7 +164,14 @@ func (m *Mirror) runSync() bool {
145 164
 	if _, stderr, err := process.GetManager().ExecDir(
146 165
 		timeout, repoPath, fmt.Sprintf("Mirror.runSync: %s", repoPath),
147 166
 		"git", gitArgs...); err != nil {
148
-		desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, stderr)
167
+		// sanitize the output, since it may contain the remote address, which may
168
+		// contain a password
169
+		message, err := sanitizeOutput(stderr, repoPath)
170
+		if err != nil {
171
+			log.Error(4, "sanitizeOutput: %v", err)
172
+			return false
173
+		}
174
+		desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, message)
149 175
 		log.Error(4, desc)
150 176
 		if err = CreateRepositoryNotice(desc); err != nil {
151 177
 			log.Error(4, "CreateRepositoryNotice: %v", err)
@@ -170,7 +196,14 @@ func (m *Mirror) runSync() bool {
170 196
 		if _, stderr, err := process.GetManager().ExecDir(
171 197
 			timeout, wikiPath, fmt.Sprintf("Mirror.runSync: %s", wikiPath),
172 198
 			"git", "remote", "update", "--prune"); err != nil {
173
-			desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, stderr)
199
+			// sanitize the output, since it may contain the remote address, which may
200
+			// contain a password
201
+			message, err := sanitizeOutput(stderr, wikiPath)
202
+			if err != nil {
203
+				log.Error(4, "sanitizeOutput: %v", err)
204
+				return false
205
+			}
206
+			desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, message)
174 207
 			log.Error(4, desc)
175 208
 			if err = CreateRepositoryNotice(desc); err != nil {
176 209
 				log.Error(4, "CreateRepositoryNotice: %v", err)