Use a more general (and faster) method to sanitize URLs with credentials (#19239)

Use a more general method to sanitize URLs with credentials: Simple and intuitive / Faster / Remove all credentials in all URLs
2025-11-04 16:40:24 +08:00 · 2022-03-31 10:25:40 +08:00
parent 84038f33f4
commit c83168104b
12 changed files with 114 additions and 205 deletions
--- a/modules/util/sanitize_test.go
+++ b/modules/util/sanitize_test.go
@@ -11,154 +11,65 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func TestNewSanitizedError(t *testing.T) {
-	err := errors.New("error while secret on test")
-	err2 := NewSanitizedError(err)
-	assert.Equal(t, err.Error(), err2.Error())
-
-	cases := []struct {
-		input    error
-		oldnew   []string
-		expected string
-	}{
-		// case 0
-		{
-			errors.New("error while secret on test"),
-			[]string{"secret", "replaced"},
-			"error while replaced on test",
-		},
-		// case 1
-		{
-			errors.New("error while sec-ret on test"),
-			[]string{"secret", "replaced"},
-			"error while sec-ret on test",
-		},
-	}
-
-	for n, c := range cases {
-		err := NewSanitizedError(c.input, c.oldnew...)
-
-		assert.Equal(t, c.expected, err.Error(), "case %d: error should match", n)
-	}
+func TestSanitizeErrorCredentialURLs(t *testing.T) {
+	err := errors.New("error with https://a@b.com")
+	se := SanitizeErrorCredentialURLs(err)
+	assert.Equal(t, "error with https://"+userPlaceholder+"@b.com", se.Error())
 }

-func TestNewStringURLSanitizer(t *testing.T) {
+func TestSanitizeCredentialURLs(t *testing.T) {
 	cases := []struct {
-		input       string
-		placeholder bool
-		expected    string
+		input    string
+		expected string
 	}{
-		// case 0
 		{
 			"https://github.com/go-gitea/test_repo.git",
-			true,
 			"https://github.com/go-gitea/test_repo.git",
 		},
-		// case 1
-		{
-			"https://github.com/go-gitea/test_repo.git",
-			false,
-			"https://github.com/go-gitea/test_repo.git",
-		},
-		// case 2
 		{
 			"https://mytoken@github.com/go-gitea/test_repo.git",
-			true,
 			"https://" + userPlaceholder + "@github.com/go-gitea/test_repo.git",
 		},
-		// case 3
-		{
-			"https://mytoken@github.com/go-gitea/test_repo.git",
-			false,
-			"https://github.com/go-gitea/test_repo.git",
-		},
-		// case 4
 		{
 			"https://user:password@github.com/go-gitea/test_repo.git",
-			true,
 			"https://" + userPlaceholder + "@github.com/go-gitea/test_repo.git",
 		},
-		// case 5
 		{
-			"https://user:password@github.com/go-gitea/test_repo.git",
-			false,
-			"https://github.com/go-gitea/test_repo.git",
+			"ftp://x@",
+			"ftp://" + userPlaceholder + "@",
 		},
-		// case 6
 		{
-			"https://gi\nthub.com/go-gitea/test_repo.git",
-			false,
-			unparsableURL,
+			"ftp://x/@",
+			"ftp://x/@",
+		},
+		{
+			"ftp://u@x/@", // test multiple @ chars
+			"ftp://" + userPlaceholder + "@x/@",
+		},
+		{
+			"😊ftp://u@x😊", // test unicode
+			"😊ftp://" + userPlaceholder + "@x😊",
+		},
+		{
+			"://@",
+			"://@",
+		},
+		{
+			"//u:p@h", // do not process URLs without explicit scheme, they are not treated as "valid" URLs because there is no scheme context in string
+			"//u:p@h",
+		},
+		{
+			"s://u@h", // the minimal pattern to be sanitized
+			"s://" + userPlaceholder + "@h",
+		},
+		{
+			"URLs in log https://u:b@h and https://u:b@h:80/, with https://h.com and u@h.com",
+			"URLs in log https://" + userPlaceholder + "@h and https://" + userPlaceholder + "@h:80/, with https://h.com and u@h.com",
 		},
 	}

 	for n, c := range cases {
-		// uses NewURLSanitizer internally
-		result := NewStringURLSanitizer(c.input, c.placeholder).Replace(c.input)
-
+		result := SanitizeCredentialURLs(c.input)
 		assert.Equal(t, c.expected, result, "case %d: error should match", n)
 	}
 }
-
-func TestNewStringURLSanitizedError(t *testing.T) {
-	cases := []struct {
-		input       string
-		placeholder bool
-		expected    string
-	}{
-		// case 0
-		{
-			"https://github.com/go-gitea/test_repo.git",
-			true,
-			"https://github.com/go-gitea/test_repo.git",
-		},
-		// case 1
-		{
-			"https://github.com/go-gitea/test_repo.git",
-			false,
-			"https://github.com/go-gitea/test_repo.git",
-		},
-		// case 2
-		{
-			"https://mytoken@github.com/go-gitea/test_repo.git",
-			true,
-			"https://" + userPlaceholder + "@github.com/go-gitea/test_repo.git",
-		},
-		// case 3
-		{
-			"https://mytoken@github.com/go-gitea/test_repo.git",
-			false,
-			"https://github.com/go-gitea/test_repo.git",
-		},
-		// case 4
-		{
-			"https://user:password@github.com/go-gitea/test_repo.git",
-			true,
-			"https://" + userPlaceholder + "@github.com/go-gitea/test_repo.git",
-		},
-		// case 5
-		{
-			"https://user:password@github.com/go-gitea/test_repo.git",
-			false,
-			"https://github.com/go-gitea/test_repo.git",
-		},
-		// case 6
-		{
-			"https://gi\nthub.com/go-gitea/test_repo.git",
-			false,
-			unparsableURL,
-		},
-	}
-
-	encloseText := func(input string) string {
-		return "test " + input + " test"
-	}
-
-	for n, c := range cases {
-		err := errors.New(encloseText(c.input))
-
-		result := NewStringURLSanitizedError(err, c.input, c.placeholder)
-
-		assert.Equal(t, encloseText(c.expected), result.Error(), "case %d: error should match", n)
-	}
-}