afan
/
gitea
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
gitea源码
2 커밋
2 브랜치
트리: f5d5e77162
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from 'f5d5e77162'
${ noResults }
gitea/modules/util/sanitize.go

sanitize.go 2.4KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package util

  5. 

  6. import (

  7. 	"bytes"

  8. 	"unicode"

  9. )

  10. 

  11. type sanitizedError struct {

  12. 	err error

  13. }

  14. 

  15. func (err sanitizedError) Error() string {

  16. 	return SanitizeCredentialURLs(err.err.Error())

  17. }

  18. 

  19. func (err sanitizedError) Unwrap() error {

  20. 	return err.err

  21. }

  22. 

  23. // SanitizeErrorCredentialURLs wraps the error and make sure the returned error message doesn't contain sensitive credentials in URLs

  24. func SanitizeErrorCredentialURLs(err error) error {

  25. 	return sanitizedError{err: err}

  26. }

  27. 

  28. const userPlaceholder = "sanitized-credential"

  29. 

  30. var schemeSep = []byte("://")

  31. 

  32. // SanitizeCredentialURLs remove all credentials in URLs (starting with "scheme://") for the input string: "https://user:pass@domain.com" => "https://sanitized-credential@domain.com"

  33. func SanitizeCredentialURLs(s string) string {

  34. 	bs := UnsafeStringToBytes(s)

  35. 	schemeSepPos := bytes.Index(bs, schemeSep)

  36. 	if schemeSepPos == -1 || bytes.IndexByte(bs[schemeSepPos:], '@') == -1 {

  37. 		return s // fast return if there is no URL scheme or no userinfo

  38. 	}

  39. 	out := make([]byte, 0, len(bs)+len(userPlaceholder))

  40. 	for schemeSepPos != -1 {

  41. 		schemeSepPos += 3         // skip the "://"

  42. 		sepAtPos := -1            // the possible '@' position: "https://foo@[^here]host"

  43. 		sepEndPos := schemeSepPos // the possible end position: "The https://host[^here] in log for test"

  44. 	sepLoop:

  45. 		for ; sepEndPos < len(bs); sepEndPos++ {

  46. 			c := bs[sepEndPos]

  47. 			if ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') || ('0' <= c && c <= '9') {

  48. 				continue

  49. 			}

  50. 			switch c {

  51. 			case '@':

  52. 				sepAtPos = sepEndPos

  53. 			case '-', '.', '_', '~', '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=', ':', '%':

  54. 				continue // due to RFC 3986, userinfo can contain - . _ ~ ! $ & ' ( ) * + , ; = : and any percent-encoded chars

  55. 			default:

  56. 				break sepLoop // if it is an invalid char for URL (eg: space, '/', and others), stop the loop

  57. 			}

  58. 		}

  59. 		// if there is '@', and the string is like "s://u@h", then hide the "u" part

  60. 		if sepAtPos != -1 && (schemeSepPos >= 4 && unicode.IsLetter(rune(bs[schemeSepPos-4]))) && sepAtPos-schemeSepPos > 0 && sepEndPos-sepAtPos > 0 {

  61. 			out = append(out, bs[:schemeSepPos]...)

  62. 			out = append(out, userPlaceholder...)

  63. 			out = append(out, bs[sepAtPos:sepEndPos]...)

  64. 		} else {

  65. 			out = append(out, bs[:sepEndPos]...)

  66. 		}

  67. 		bs = bs[sepEndPos:]

  68. 		schemeSepPos = bytes.Index(bs, schemeSep)

  69. 	}

  70. 	out = append(out, bs...)

  71. 	return UnsafeBytesToString(out)

  72. }