Commit 04f88742 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'url-sanitizer-fixes' into 'master'

Fix problems sanitizing URLs with empty passwords

Closes gitlab-ee#3352

See merge request !14083
parents 29a34b3c c8bdb202
---
title: Fix problems sanitizing URLs with empty passwords
merge_request: 14083
author:
type: fixed
...@@ -9,7 +9,7 @@ module Gitlab ...@@ -9,7 +9,7 @@ module Gitlab
end end
def self.valid?(url) def self.valid?(url)
return false unless url return false unless url.present?
Addressable::URI.parse(url.strip) Addressable::URI.parse(url.strip)
...@@ -19,7 +19,12 @@ module Gitlab ...@@ -19,7 +19,12 @@ module Gitlab
end end
def initialize(url, credentials: nil) def initialize(url, credentials: nil)
@url = Addressable::URI.parse(url.strip) @url = Addressable::URI.parse(url.to_s.strip)
%i[user password].each do |symbol|
credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
end
@credentials = credentials @credentials = credentials
end end
...@@ -29,13 +34,13 @@ module Gitlab ...@@ -29,13 +34,13 @@ module Gitlab
def masked_url def masked_url
url = @url.dup url = @url.dup
url.password = "*****" unless url.password.nil? url.password = "*****" if url.password.present?
url.user = "*****" unless url.user.nil? url.user = "*****" if url.user.present?
url.to_s url.to_s
end end
def credentials def credentials
@credentials ||= { user: @url.user, password: @url.password } @credentials ||= { user: @url.user.presence, password: @url.password.presence }
end end
def full_url def full_url
...@@ -47,8 +52,10 @@ module Gitlab ...@@ -47,8 +52,10 @@ module Gitlab
def generate_full_url def generate_full_url
return @url unless valid_credentials? return @url unless valid_credentials?
@full_url = @url.dup @full_url = @url.dup
@full_url.user = credentials[:user]
@full_url.password = credentials[:password] @full_url.password = credentials[:password]
@full_url.user = credentials[:user]
@full_url @full_url
end end
......
require 'spec_helper' require 'spec_helper'
describe Gitlab::UrlSanitizer do describe Gitlab::UrlSanitizer do
let(:credentials) { { user: 'blah', password: 'password' } } using RSpec::Parameterized::TableSyntax
let(:url_sanitizer) do
described_class.new("https://github.com/me/project.git", credentials: credentials)
end
let(:user) { double(:user, username: 'john.doe') }
describe '.sanitize' do describe '.sanitize' do
def sanitize_url(url) def sanitize_url(url)
...@@ -16,83 +12,166 @@ describe Gitlab::UrlSanitizer do ...@@ -16,83 +12,166 @@ describe Gitlab::UrlSanitizer do
}) })
end end
it 'mask the credentials from HTTP URLs' do where(:input, :output) do
filtered_content = sanitize_url('http://user:pass@test.com/root/repoC.git/') 'http://user:pass@test.com/root/repoC.git/' | 'http://*****:*****@test.com/root/repoC.git/'
'https://user:pass@test.com/root/repoA.git/' | 'https://*****:*****@test.com/root/repoA.git/'
'ssh://user@host.test/path/to/repo.git' | 'ssh://*****@host.test/path/to/repo.git'
expect(filtered_content).to include("http://*****:*****@test.com/root/repoC.git/") # git protocol does not support authentication but clean any details anyway
end 'git://user:pass@host.test/path/to/repo.git' | 'git://*****:*****@host.test/path/to/repo.git'
'git://host.test/path/to/repo.git' | 'git://host.test/path/to/repo.git'
it 'mask the credentials from HTTPS URLs' do # SCP-style URLs are left unmodified
filtered_content = sanitize_url('https://user:pass@test.com/root/repoA.git/') 'user@server:project.git' | 'user@server:project.git'
'user:pass@server:project.git' | 'user:pass@server:project.git'
expect(filtered_content).to include("https://*****:*****@test.com/root/repoA.git/") # return an empty string for invalid URLs
'ssh://' | ''
end end
it 'mask credentials from SSH URLs' do with_them do
filtered_content = sanitize_url('ssh://user@host.test/path/to/repo.git') it { expect(sanitize_url(input)).to include("repository '#{output}' not found") }
end
expect(filtered_content).to include("ssh://*****@host.test/path/to/repo.git")
end end
it 'does not modify Git URLs' do describe '.valid?' do
# git protocol does not support authentication where(:value, :url) do
filtered_content = sanitize_url('git://host.test/path/to/repo.git') false | nil
false | ''
false | '123://invalid:url'
true | 'valid@project:url.git'
true | 'ssh://example.com'
true | 'ssh://:@example.com'
true | 'ssh://foo@example.com'
true | 'ssh://foo:bar@example.com'
true | 'ssh://foo:bar@example.com/group/group/project.git'
true | 'git://example.com/group/group/project.git'
true | 'git://foo:bar@example.com/group/group/project.git'
true | 'http://foo:bar@example.com/group/group/project.git'
true | 'https://foo:bar@example.com/group/group/project.git'
end
expect(filtered_content).to include("git://host.test/path/to/repo.git") with_them do
it { expect(described_class.valid?(url)).to eq(value) }
end
end end
it 'does not modify scp-like URLs' do describe '#sanitized_url' do
filtered_content = sanitize_url('user@server:project.git') context 'credentials in hash' do
where(username: ['foo', '', nil], password: ['bar', '', nil])
with_them do
let(:credentials) { { user: username, password: password } }
subject { described_class.new('http://example.com', credentials: credentials).sanitized_url }
expect(filtered_content).to include("user@server:project.git") it { is_expected.to eq('http://example.com') }
end end
end
context 'credentials in URL' do
where(userinfo: %w[foo:bar@ foo@ :bar@ :@ @] + [nil])
it 'returns an empty string for invalid URLs' do with_them do
filtered_content = sanitize_url('ssh://') subject { described_class.new("http://#{userinfo}example.com").sanitized_url }
expect(filtered_content).to include("repository '' not found") it { is_expected.to eq('http://example.com') }
end
end end
end end
describe '.valid?' do describe '#credentials' do
it 'validates url strings' do context 'credentials in hash' do
expect(described_class.valid?(nil)).to be(false) where(:input, :output) do
expect(described_class.valid?('valid@project:url.git')).to be(true) { user: 'foo', password: 'bar' } | { user: 'foo', password: 'bar' }
expect(described_class.valid?('123://invalid:url')).to be(false) { user: 'foo', password: '' } | { user: 'foo', password: nil }
{ user: 'foo', password: nil } | { user: 'foo', password: nil }
{ user: '', password: 'bar' } | { user: nil, password: 'bar' }
{ user: '', password: '' } | { user: nil, password: nil }
{ user: '', password: nil } | { user: nil, password: nil }
{ user: nil, password: 'bar' } | { user: nil, password: 'bar' }
{ user: nil, password: '' } | { user: nil, password: nil }
{ user: nil, password: nil } | { user: nil, password: nil }
end end
with_them do
subject { described_class.new('user@example.com:path.git', credentials: input).credentials }
it { is_expected.to eq(output) }
end end
describe '#sanitized_url' do it 'overrides URL-provided credentials' do
it { expect(url_sanitizer.sanitized_url).to eq("https://github.com/me/project.git") } sanitizer = described_class.new('http://a:b@example.com', credentials: { user: 'c', password: 'd' })
expect(sanitizer.credentials).to eq(user: 'c', password: 'd')
end
end end
describe '#credentials' do context 'credentials in URL' do
it { expect(url_sanitizer.credentials).to eq(credentials) } where(:url, :credentials) do
'http://foo:bar@example.com' | { user: 'foo', password: 'bar' }
'http://:bar@example.com' | { user: nil, password: 'bar' }
'http://foo:@example.com' | { user: 'foo', password: nil }
'http://foo@example.com' | { user: 'foo', password: nil }
'http://:@example.com' | { user: nil, password: nil }
'http://@example.com' | { user: nil, password: nil }
'http://example.com' | { user: nil, password: nil }
# Credentials from SCP-style URLs are not supported at present
'foo@example.com:path' | { user: nil, password: nil }
'foo:bar@example.com:path' | { user: nil, password: nil }
context 'when user is given to #initialize' do # Other invalid URLs
let(:url_sanitizer) do nil | { user: nil, password: nil }
described_class.new("https://github.com/me/project.git", credentials: { user: user.username }) '' | { user: nil, password: nil }
'no' | { user: nil, password: nil }
end end
it { expect(url_sanitizer.credentials).to eq({ user: 'john.doe' }) } with_them do
subject { described_class.new(url).credentials }
it { is_expected.to eq(credentials) }
end
end end
end end
describe '#full_url' do describe '#full_url' do
it { expect(url_sanitizer.full_url).to eq("https://blah:password@github.com/me/project.git") } context 'credentials in hash' do
where(:credentials, :userinfo) do
{ user: 'foo', password: 'bar' } | 'foo:bar@'
{ user: 'foo', password: '' } | 'foo@'
{ user: 'foo', password: nil } | 'foo@'
{ user: '', password: 'bar' } | ':bar@'
{ user: '', password: '' } | nil
{ user: '', password: nil } | nil
{ user: nil, password: 'bar' } | ':bar@'
{ user: nil, password: '' } | nil
{ user: nil, password: nil } | nil
end
it 'supports scp-like URLs' do with_them do
sanitizer = described_class.new('user@server:project.git') subject { described_class.new('http://example.com', credentials: credentials).full_url }
expect(sanitizer.full_url).to eq('user@server:project.git') it { is_expected.to eq("http://#{userinfo}example.com") }
end
end end
context 'when user is given to #initialize' do context 'credentials in URL' do
let(:url_sanitizer) do where(:input, :output) do
described_class.new("https://github.com/me/project.git", credentials: { user: user.username }) nil | ''
'' | :same
'git@example.com' | :same
'http://example.com' | :same
'http://foo@example.com' | :same
'http://foo:@example.com' | 'http://foo@example.com'
'http://:bar@example.com' | :same
'http://foo:bar@example.com' | :same
end end
it { expect(url_sanitizer.full_url).to eq("https://john.doe@github.com/me/project.git") } with_them do
let(:expected) { output == :same ? input : output }
it { expect(described_class.new(input).full_url).to eq(expected) }
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment