debian-mirror-gitlab/lib/gitlab/url_sanitizer.rb

# frozen_string_literal: true

module Gitlab
  class UrlSanitizer
    include Gitlab::Utils::StrongMemoize

    ALLOWED_SCHEMES = %w[http https ssh git].freeze
    ALLOWED_WEB_SCHEMES = %w[http https].freeze
    SCHEMIFIED_SCHEME = 'glschemelessuri'
    SCHEMIFY_PLACEHOLDER = "#{SCHEMIFIED_SCHEME}://".freeze
    # URI::DEFAULT_PARSER.make_regexp will only match URLs with schemes or
    # relative URLs. This section will match schemeless URIs with userinfo
    # e.g. user:pass@gitlab.com but will not match scp-style URIs e.g.
    # user@server:path/to/file)
    #
    # The userinfo part is very loose compared to URI's implementation so we
    # also match non-escaped userinfo e.g foo:b?r@gitlab.com which should be
    # encoded as foo:b%3Fr@gitlab.com
    URI_REGEXP = %r{
    (?:
       #{URI::DEFAULT_PARSER.make_regexp(ALLOWED_SCHEMES)}
     |
       (?:(?:(?!@)[%#{URI::REGEXP::PATTERN::UNRESERVED}#{URI::REGEXP::PATTERN::RESERVED}])+(?:@))
       (?# negative lookahead ensures this isn't an SCP-style URL: [host]:[rel_path|abs_path] server:path/to/file)
       (?!#{URI::REGEXP::PATTERN::HOST}:(?:#{URI::REGEXP::PATTERN::REL_PATH}|#{URI::REGEXP::PATTERN::ABS_PATH}))
       #{URI::REGEXP::PATTERN::HOSTPORT}
    )
    }x

    def self.sanitize(content)
      content.gsub(URI_REGEXP) do |url|
        new(url).masked_url
      rescue Addressable::URI::InvalidURIError
        ''
      end
    end

    def self.valid?(url, allowed_schemes: ALLOWED_SCHEMES)
      return false unless url.present?
      return false unless url.is_a?(String)

      uri = Addressable::URI.parse(url.strip)

      allowed_schemes.include?(uri.scheme)
    rescue Addressable::URI::InvalidURIError
      false
    end

    def self.valid_web?(url)
      valid?(url, allowed_schemes: ALLOWED_WEB_SCHEMES)
    end

    def initialize(url, credentials: nil)
      %i[user password].each do |symbol|
        credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
      end

      @credentials = credentials
      @url = parse_url(url)
    end

    def credentials
      @credentials ||= { user: @url.user.presence, password: @url.password.presence }
    end

    def user
      credentials[:user]
    end

    def sanitized_url
      safe_url = @url.dup
      safe_url.password = nil
      safe_url.user = nil
      reverse_schemify(safe_url.to_s)
    end
    strong_memoize_attr :sanitized_url

    def masked_url
      url = @url.dup
      url.password = "*****" if url.password.present?
      url.user = "*****" if url.user.present?
      reverse_schemify(url.to_s)
    end
    strong_memoize_attr :masked_url

    def full_url
      return reverse_schemify(@url.to_s) unless valid_credentials?

      url = @url.dup
      url.password = encode_percent(credentials[:password]) if credentials[:password].present?
      url.user = encode_percent(credentials[:user]) if credentials[:user].present?
      reverse_schemify(url.to_s)
    end
    strong_memoize_attr :full_url

    private

    def parse_url(url)
      url = schemify(url.to_s.strip)
      match = url.match(%r{\A(?:(?:#{SCHEMIFIED_SCHEME}|git|ssh|http(?:s?)):)?//(?:(.+)(?:@))?(.+)}o)
      raw_credentials = match[1] if match

      if raw_credentials.present?
        url.sub!("#{raw_credentials}@", '')

        user, _, password = raw_credentials.partition(':')

        @credentials ||= {}
        @credentials[:user] = user.presence if @credentials[:user].blank?
        @credentials[:password] = password.presence if @credentials[:password].blank?
      end

      url = Addressable::URI.parse(url)
      url.password = password if password.present?
      url.user = user if user.present?
      url
    end

    def schemify(url)
      # Prepend the placeholder scheme unless the URL has a scheme or is relative
      url.prepend(SCHEMIFY_PLACEHOLDER) unless url.starts_with?(%r{(?:#{URI::REGEXP::PATTERN::SCHEME}:)?//}o)
      url
    end

    def reverse_schemify(url)
      url.slice!(SCHEMIFY_PLACEHOLDER) if url.starts_with?(SCHEMIFY_PLACEHOLDER)
      url
    end

    def valid_credentials?
      credentials.is_a?(Hash) && credentials.values.any?
    end

    def encode_percent(string)
      # CGI.escape converts spaces to +, but this doesn't work for git clone
      CGI.escape(string).gsub('+', '%20')
    end
  end
end
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`# frozen_string_literal: true`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`module Gitlab`
			`class UrlSanitizer`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`include Gitlab::Utils::StrongMemoize`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`ALLOWED_SCHEMES = %w[http https ssh git].freeze`
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`ALLOWED_WEB_SCHEMES = %w[http https].freeze`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`SCHEMIFIED_SCHEME = 'glschemelessuri'`
			`SCHEMIFY_PLACEHOLDER = "#{SCHEMIFIED_SCHEME}://".freeze`
			`# URI::DEFAULT_PARSER.make_regexp will only match URLs with schemes or`
			`# relative URLs. This section will match schemeless URIs with userinfo`
			`# e.g. user:pass@gitlab.com but will not match scp-style URIs e.g.`
			`# user@server:path/to/file)`
			`#`
			`# The userinfo part is very loose compared to URI's implementation so we`
			`# also match non-escaped userinfo e.g foo:b?r@gitlab.com which should be`
			`# encoded as foo:b%3Fr@gitlab.com`
			`URI_REGEXP = %r{`
			`(?:`
			`#{URI::DEFAULT_PARSER.make_regexp(ALLOWED_SCHEMES)}`
			`\|`
			`(?:(?:(?!@)[%#{URI::REGEXP::PATTERN::UNRESERVED}#{URI::REGEXP::PATTERN::RESERVED}])+(?:@))`
			`(?# negative lookahead ensures this isn't an SCP-style URL: [host]:[rel_path\|abs_path] server:path/to/file)`
			`(?!#{URI::REGEXP::PATTERN::HOST}:(?:#{URI::REGEXP::PATTERN::REL_PATH}\|#{URI::REGEXP::PATTERN::ABS_PATH}))`
			`#{URI::REGEXP::PATTERN::HOSTPORT}`
			`)`
			`}x`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`def self.sanitize(content)`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`content.gsub(URI_REGEXP) do \|url\|`
			`new(url).masked_url`
			`rescue Addressable::URI::InvalidURIError`
			`''`
			`end`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`end`

New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`def self.valid?(url, allowed_schemes: ALLOWED_SCHEMES)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`return false unless url.present?`
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`return false unless url.is_a?(String)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`uri = Addressable::URI.parse(url.strip)`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`allowed_schemes.include?(uri.scheme)`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`rescue Addressable::URI::InvalidURIError`
			`false`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`def self.valid_web?(url)`
			`valid?(url, allowed_schemes: ALLOWED_WEB_SCHEMES)`
			`end`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`def initialize(url, credentials: nil)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`%i[user password].each do \|symbol\|`
			`credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)`
			`end`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`@credentials = credentials`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`@url = parse_url(url)`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`def credentials`
			`@credentials \|\|= { user: @url.user.presence, password: @url.password.presence }`
			`end`

			`def user`
			`credentials[:user]`
			`end`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`def sanitized_url`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`safe_url = @url.dup`
			`safe_url.password = nil`
			`safe_url.user = nil`
			`reverse_schemify(safe_url.to_s)`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`strong_memoize_attr :sanitized_url`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
			`def masked_url`
			`url = @url.dup`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`url.password = "*****" if url.password.present?`
			`url.user = "*****" if url.user.present?`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`reverse_schemify(url.to_s)`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`end`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`strong_memoize_attr :masked_url`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
			`def full_url`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`return reverse_schemify(@url.to_s) unless valid_credentials?`

			`url = @url.dup`
			`url.password = encode_percent(credentials[:password]) if credentials[:password].present?`
			`url.user = encode_percent(credentials[:user]) if credentials[:user].present?`
			`reverse_schemify(url.to_s)`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`strong_memoize_attr :full_url`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30
			`private`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`def parse_url(url)`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`url = schemify(url.to_s.strip)`
			`match = url.match(%r{\A(?:(?:#{SCHEMIFIED_SCHEME}\|git\|ssh\|http(?:s?)):)?//(?:(.+)(?:@))?(.+)}o)`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`raw_credentials = match[1] if match`

			`if raw_credentials.present?`
			`url.sub!("#{raw_credentials}@", '')`

New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`user, _, password = raw_credentials.partition(':')`
New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30
			`@credentials \|\|= {}`
			`@credentials[:user] = user.presence if @credentials[:user].blank?`
			`@credentials[:password] = password.presence if @credentials[:password].blank?`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`end`

			`url = Addressable::URI.parse(url)`
			`url.password = password if password.present?`
			`url.user = user if user.present?`
			`url`
			`end`

New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`def schemify(url)`
			`# Prepend the placeholder scheme unless the URL has a scheme or is relative`
			`url.prepend(SCHEMIFY_PLACEHOLDER) unless url.starts_with?(%r{(?:#{URI::REGEXP::PATTERN::SCHEME}:)?//}o)`
			`url`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`def reverse_schemify(url)`
			`url.slice!(SCHEMIFY_PLACEHOLDER) if url.starts_with?(SCHEMIFY_PLACEHOLDER)`
			`url`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`

			`def valid_credentials?`
New upstream version 15.9.7+ds1 2023-05-08 21:46:49 +05:30			`credentials.is_a?(Hash) && credentials.values.any?`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
			`def encode_percent(string)`
			`# CGI.escape converts spaces to +, but this doesn't work for git clone`
			`CGI.escape(string).gsub('+', '%20')`
			`end`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`end`
			`end`