forgejo/modules/util/sanitize.go

// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package util

import (
	"net/url"
	"strings"
)

const userPlaceholder = "sanitized-credential"
const unparsableURL = "(unparsable url)"

type sanitizedError struct {
	err      error
	replacer *strings.Replacer
}

func (err sanitizedError) Error() string {
	return err.replacer.Replace(err.err.Error())
}

// NewSanitizedError wraps an error and replaces all old, new string pairs in the message text.
func NewSanitizedError(err error, oldnew ...string) error {
	return sanitizedError{err: err, replacer: strings.NewReplacer(oldnew...)}
}

// NewURLSanitizedError wraps an error and replaces the url credential or removes them.
func NewURLSanitizedError(err error, u *url.URL, usePlaceholder bool) error {
	return sanitizedError{err: err, replacer: NewURLSanitizer(u, usePlaceholder)}
}

// NewStringURLSanitizedError wraps an error and replaces the url credential or removes them.
// If the url can't get parsed it gets replaced with a placeholder string.
func NewStringURLSanitizedError(err error, unsanitizedURL string, usePlaceholder bool) error {
	return sanitizedError{err: err, replacer: NewStringURLSanitizer(unsanitizedURL, usePlaceholder)}
}

// NewURLSanitizer creates a replacer for the url with the credential sanitized or removed.
func NewURLSanitizer(u *url.URL, usePlaceholder bool) *strings.Replacer {
	old := u.String()

	if u.User != nil && usePlaceholder {
		u.User = url.User(userPlaceholder)
	} else {
		u.User = nil
	}
	return strings.NewReplacer(old, u.String())
}

// NewStringURLSanitizer creates a replacer for the url with the credential sanitized or removed.
// If the url can't get parsed it gets replaced with a placeholder string
func NewStringURLSanitizer(unsanitizedURL string, usePlaceholder bool) *strings.Replacer {
	u, err := url.Parse(unsanitizedURL)
	if err != nil {
		// don't log the error, since it might contain unsanitized URL.
		return strings.NewReplacer(unsanitizedURL, unparsableURL)
	}
	return NewURLSanitizer(u, usePlaceholder)
}
Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`// Copyright 2021 The Gitea Authors. All rights reserved.`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package util`

			`import (`
			`"net/url"`
			`"strings"`
			`)`

Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`const userPlaceholder = "sanitized-credential"`
			`const unparsableURL = "(unparsable url)"`

			`type sanitizedError struct {`
			`err error`
			`replacer *strings.Replacer`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`}`

Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`func (err sanitizedError) Error() string {`
			`return err.replacer.Replace(err.err.Error())`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`}`

Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`// NewSanitizedError wraps an error and replaces all old, new string pairs in the message text.`
			`func NewSanitizedError(err error, oldnew ...string) error {`
			`return sanitizedError{err: err, replacer: strings.NewReplacer(oldnew...)}`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`}`

Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`// NewURLSanitizedError wraps an error and replaces the url credential or removes them.`
			`func NewURLSanitizedError(err error, u *url.URL, usePlaceholder bool) error {`
			`return sanitizedError{err: err, replacer: NewURLSanitizer(u, usePlaceholder)}`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`}`

Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`// NewStringURLSanitizedError wraps an error and replaces the url credential or removes them.`
			`// If the url can't get parsed it gets replaced with a placeholder string.`
			`func NewStringURLSanitizedError(err error, unsanitizedURL string, usePlaceholder bool) error {`
			`return sanitizedError{err: err, replacer: NewStringURLSanitizer(unsanitizedURL, usePlaceholder)}`
			`}`

			`// NewURLSanitizer creates a replacer for the url with the credential sanitized or removed.`
			`func NewURLSanitizer(u url.URL, usePlaceholder bool) strings.Replacer {`
			`old := u.String()`

Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`if u.User != nil && usePlaceholder {`
Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`u.User = url.User(userPlaceholder)`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`} else {`
			`u.User = nil`
			`}`
Add push to remote mirror repository (#15157) * Added push mirror model. * Integrated push mirror into queue. * Moved methods into own file. * Added basic implementation. * Mirror wiki too. * Removed duplicated method. * Get url for different remotes. * Added migration. * Unified remote url access. * Add/Remove push mirror remotes. * Prevent hangs with missing credentials. * Moved code between files. * Changed sanitizer interface. * Added push mirror backend methods. * Only update the mirror remote. * Limit refs on push. * Added UI part. * Added missing table. * Delete mirror if repository gets removed. * Changed signature. Handle object errors. * Added upload method. * Added "upload" unit tests. * Added transfer adapter unit tests. * Send correct headers. * Added pushing of LFS objects. * Added more logging. * Simpler body handling. * Process files in batches to reduce HTTP calls. * Added created timestamp. * Fixed invalid column name. * Changed name to prevent xorm auto setting. * Remove table header im empty. * Strip exit code from error message. * Added docs page about mirroring. * Fixed date. * Fixed merge errors. * Moved test to integrations. * Added push mirror test. * Added test. 2021-06-14 19:20:43 +02:00			`return strings.NewReplacer(old, u.String())`
			`}`

			`// NewStringURLSanitizer creates a replacer for the url with the credential sanitized or removed.`
			`// If the url can't get parsed it gets replaced with a placeholder string`
			`func NewStringURLSanitizer(unsanitizedURL string, usePlaceholder bool) *strings.Replacer {`
			`u, err := url.Parse(unsanitizedURL)`
			`if err != nil {`
			`// don't log the error, since it might contain unsanitized URL.`
			`return strings.NewReplacer(unsanitizedURL, unparsableURL)`
			`}`
			`return NewURLSanitizer(u, usePlaceholder)`
Fix error message sanitiziation (#3082) 2017-12-03 17:48:03 -08:00			`}`