docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-11-04 10:03:42 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

build: strip credentials from remote url on collecting Git provenance info

Browse Source 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2023-02-27 20:26:30 +01:00
committed by CrazyMax
parent 5ac3b4c4b6
commit d455c07331
2 changed files with 58 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
util/gitutil/gitutil.go
View File

@@ -3,6 +3,7 @@ package gitutil
import ( import (
"bytes" "bytes"
"context" "context"
"net/url"
"os" "os"
"os/exec" "os/exec"
"strings" "strings"
@@ -70,11 +71,11 @@ func (c *Git) RootDir() (string, error) {
func (c *Git) RemoteURL() (string, error) { func (c *Git) RemoteURL() (string, error) {
// Try to get the remote URL from the origin remote first // Try to get the remote URL from the origin remote first
if ru, err := c.clean(c.run("remote", "get-url", "origin")); err == nil && ru != "" { if ru, err := c.clean(c.run("remote", "get-url", "origin")); err == nil && ru != "" {
return ru, nil return stripCredentials(ru), nil
} }
// If that fails, try to get the remote URL from the upstream remote // If that fails, try to get the remote URL from the upstream remote
if ru, err := c.clean(c.run("remote", "get-url", "upstream")); err == nil && ru != "" { if ru, err := c.clean(c.run("remote", "get-url", "upstream")); err == nil && ru != "" {
return ru, nil return stripCredentials(ru), nil
} }
return "", errors.New("no remote URL found for either origin or upstream") return "", errors.New("no remote URL found for either origin or upstream")
} }
@@ -147,3 +148,16 @@ func IsUnknownRevision(err error) bool {
errMsg := strings.ToLower(err.Error()) errMsg := strings.ToLower(err.Error())
return strings.Contains(errMsg, "unknown revision or path not in the working tree") || strings.Contains(errMsg, "bad revision") return strings.Contains(errMsg, "unknown revision or path not in the working tree") || strings.Contains(errMsg, "bad revision")
} }
// stripCredentials takes a URL and strips username and password from it.
// e.g. "https://user:password@host.tld/path.git" will be changed to
// "https://host.tld/path.git".
// TODO: remove this function once fix from BuildKit is vendored here
func stripCredentials(s string) string {
ru, err := url.Parse(s)
if err != nil {
return s // string is not a URL, just return it
}
ru.User = nil
return ru.String()
}

42
util/gitutil/gitutil_test.go
View File

@@ -189,3 +189,45 @@ func TestGitRemoteURL(t *testing.T) {
}) })
} }
} }
func TestStripCredentials(t *testing.T) {
cases := []struct {
name string
url string
want string
}{
{
name: "non-blank Password",
url: "https://user:password@host.tld/this:that",
want: "https://host.tld/this:that",
},
{
name: "blank Password",
url: "https://user@host.tld/this:that",
want: "https://host.tld/this:that",
},
{
name: "blank Username",
url: "https://:password@host.tld/this:that",
want: "https://host.tld/this:that",
},
{
name: "blank Username, blank Password",
url: "https://host.tld/this:that",
want: "https://host.tld/this:that",
},
{
name: "invalid URL",
url: "1https://foo.com",
want: "1https://foo.com",
},
}
for _, tt := range cases {
tt := tt
t.Run(tt.name, func(t *testing.T) {
if g, w := stripCredentials(tt.url), tt.want; g != w {
t.Fatalf("got: %q\nwant: %q", g, w)
}
})
}
}