mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-31 12:45:57 +00:00
Hide sensitive content on admin panel progress monitor (#19218)
Sanitize urls within git process descriptions. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
41b60d94db
commit
c29fbc6d23
|
@ -17,6 +17,7 @@ import (
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/process"
|
"code.gitea.io/gitea/modules/process"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -142,7 +143,21 @@ func (c *Command) RunWithContext(rc *RunContext) error {
|
||||||
|
|
||||||
desc := c.desc
|
desc := c.desc
|
||||||
if desc == "" {
|
if desc == "" {
|
||||||
desc = fmt.Sprintf("%s %s [repo_path: %s]", c.name, strings.Join(c.args[c.globalArgsLength:], " "), rc.Dir)
|
args := c.args[c.globalArgsLength:]
|
||||||
|
var argSensitiveURLIndexes []int
|
||||||
|
for i, arg := range c.args {
|
||||||
|
if strings.Contains(arg, "://") && strings.Contains(arg, "@") {
|
||||||
|
argSensitiveURLIndexes = append(argSensitiveURLIndexes, i)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(argSensitiveURLIndexes) > 0 {
|
||||||
|
args = make([]string, len(c.args))
|
||||||
|
copy(args, c.args)
|
||||||
|
for _, urlArgIndex := range argSensitiveURLIndexes {
|
||||||
|
args[urlArgIndex] = util.NewStringURLSanitizer(args[urlArgIndex], true).Replace(args[urlArgIndex])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
desc = fmt.Sprintf("%s %s [repo_path: %s]", c.name, strings.Join(args, " "), rc.Dir)
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx, cancel, finished := process.GetManager().AddContextTimeout(c.parentContext, rc.Timeout, desc)
|
ctx, cancel, finished := process.GetManager().AddContextTimeout(c.parentContext, rc.Timeout, desc)
|
||||||
|
|
|
@ -19,6 +19,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/proxy"
|
"code.gitea.io/gitea/modules/proxy"
|
||||||
|
"code.gitea.io/gitea/modules/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GPGSettings represents the default GPG settings for this repository
|
// GPGSettings represents the default GPG settings for this repository
|
||||||
|
@ -154,6 +155,12 @@ func CloneWithArgs(ctx context.Context, from, to string, args []string, opts Clo
|
||||||
}
|
}
|
||||||
cmd.AddArguments("--", from, to)
|
cmd.AddArguments("--", from, to)
|
||||||
|
|
||||||
|
if strings.Contains(from, "://") && strings.Contains(from, "@") {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("clone branch %s from %s to %s (shared: %t, mirror: %t, depth: %d)", opts.Branch, util.NewStringURLSanitizer(from, true).Replace(from), to, opts.Shared, opts.Mirror, opts.Depth))
|
||||||
|
} else {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("clone branch %s from %s to %s (shared: %t, mirror: %t, depth: %d)", opts.Branch, from, to, opts.Shared, opts.Mirror, opts.Depth))
|
||||||
|
}
|
||||||
|
|
||||||
if opts.Timeout <= 0 {
|
if opts.Timeout <= 0 {
|
||||||
opts.Timeout = -1
|
opts.Timeout = -1
|
||||||
}
|
}
|
||||||
|
@ -201,6 +208,11 @@ func Push(ctx context.Context, repoPath string, opts PushOptions) error {
|
||||||
if len(opts.Branch) > 0 {
|
if len(opts.Branch) > 0 {
|
||||||
cmd.AddArguments(opts.Branch)
|
cmd.AddArguments(opts.Branch)
|
||||||
}
|
}
|
||||||
|
if strings.Contains(opts.Remote, "://") && strings.Contains(opts.Remote, "@") {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("push branch %s to %s (force: %t, mirror: %t)", opts.Branch, util.NewStringURLSanitizer(opts.Remote, true).Replace(opts.Remote), opts.Force, opts.Mirror))
|
||||||
|
} else {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("push branch %s to %s (force: %t, mirror: %t)", opts.Branch, opts.Remote, opts.Force, opts.Mirror))
|
||||||
|
}
|
||||||
var outbuf, errbuf strings.Builder
|
var outbuf, errbuf strings.Builder
|
||||||
|
|
||||||
if opts.Timeout == 0 {
|
if opts.Timeout == 0 {
|
||||||
|
|
|
@ -38,7 +38,13 @@ func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", addr).RunInDir(repoPath)
|
cmd := git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", addr)
|
||||||
|
if strings.Contains(addr, "://") && strings.Contains(addr, "@") {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, util.NewStringURLSanitizer(addr, true).Replace(addr), repoPath))
|
||||||
|
} else {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, addr, repoPath))
|
||||||
|
}
|
||||||
|
_, err = cmd.RunInDir(repoPath)
|
||||||
if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") {
|
if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -52,7 +58,13 @@ func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", wikiRemotePath).RunInDir(wikiPath)
|
cmd = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", wikiRemotePath)
|
||||||
|
if strings.Contains(wikiRemotePath, "://") && strings.Contains(wikiRemotePath, "@") {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, util.NewStringURLSanitizer(wikiRemotePath, true).Replace(wikiRemotePath), wikiPath))
|
||||||
|
} else {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, wikiRemotePath, wikiPath))
|
||||||
|
}
|
||||||
|
_, err = cmd.RunInDir(wikiPath)
|
||||||
if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") {
|
if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"regexp"
|
"regexp"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
@ -28,7 +29,13 @@ var stripExitStatus = regexp.MustCompile(`exit status \d+ - `)
|
||||||
// AddPushMirrorRemote registers the push mirror remote.
|
// AddPushMirrorRemote registers the push mirror remote.
|
||||||
func AddPushMirrorRemote(ctx context.Context, m *repo_model.PushMirror, addr string) error {
|
func AddPushMirrorRemote(ctx context.Context, m *repo_model.PushMirror, addr string) error {
|
||||||
addRemoteAndConfig := func(addr, path string) error {
|
addRemoteAndConfig := func(addr, path string) error {
|
||||||
if _, err := git.NewCommand(ctx, "remote", "add", "--mirror=push", m.RemoteName, addr).RunInDir(path); err != nil {
|
cmd := git.NewCommand(ctx, "remote", "add", "--mirror=push", m.RemoteName, addr)
|
||||||
|
if strings.Contains(addr, "://") && strings.Contains(addr, "@") {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=push %s [repo_path: %s]", m.RemoteName, util.NewStringURLSanitizer(addr, true).Replace(addr), path))
|
||||||
|
} else {
|
||||||
|
cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=push %s [repo_path: %s]", m.RemoteName, addr, path))
|
||||||
|
}
|
||||||
|
if _, err := cmd.RunInDir(path); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if _, err := git.NewCommand(ctx, "config", "--add", "remote."+m.RemoteName+".push", "+refs/heads/*:refs/heads/*").RunInDir(path); err != nil {
|
if _, err := git.NewCommand(ctx, "config", "--add", "remote."+m.RemoteName+".push", "+refs/heads/*:refs/heads/*").RunInDir(path); err != nil {
|
||||||
|
|
Loading…
Reference in a new issue