2017-12-04 07:18:03 +05:30
|
|
|
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package util
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/url"
|
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
|
|
|
// urlSafeError wraps an error whose message may contain a sensitive URL
|
|
|
|
type urlSafeError struct {
|
|
|
|
err error
|
|
|
|
unsanitizedURL string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (err urlSafeError) Error() string {
|
|
|
|
return SanitizeMessage(err.err.Error(), err.unsanitizedURL)
|
|
|
|
}
|
|
|
|
|
|
|
|
// URLSanitizedError returns the sanitized version an error whose message may
|
|
|
|
// contain a sensitive URL
|
|
|
|
func URLSanitizedError(err error, unsanitizedURL string) error {
|
|
|
|
return urlSafeError{err: err, unsanitizedURL: unsanitizedURL}
|
|
|
|
}
|
|
|
|
|
|
|
|
// SanitizeMessage sanitizes a message which may contains a sensitive URL
|
|
|
|
func SanitizeMessage(message, unsanitizedURL string) string {
|
|
|
|
sanitizedURL := SanitizeURLCredentials(unsanitizedURL, true)
|
2020-10-12 01:57:20 +05:30
|
|
|
return strings.ReplaceAll(message, unsanitizedURL, sanitizedURL)
|
2017-12-04 07:18:03 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
// SanitizeURLCredentials sanitizes a url, either removing user credentials
|
|
|
|
// or replacing them with a placeholder.
|
|
|
|
func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
|
|
|
|
u, err := url.Parse(unsanitizedURL)
|
|
|
|
if err != nil {
|
|
|
|
// don't log the error, since it might contain unsanitized URL.
|
|
|
|
return "(unparsable url)"
|
|
|
|
}
|
|
|
|
if u.User != nil && usePlaceholder {
|
|
|
|
u.User = url.User("<credentials>")
|
|
|
|
} else {
|
|
|
|
u.User = nil
|
|
|
|
}
|
|
|
|
return u.String()
|
|
|
|
}
|