From 527f8ebd65378c1fdcd11e4ac3d3878ad2b33a17 Mon Sep 17 00:00:00 2001 From: Shreyas Goenka Date: Fri, 14 Jun 2024 11:23:53 +0200 Subject: [PATCH 1/3] Remove user credentials specified in the git origin URL --- libs/git/repository.go | 14 +++++++++++++- libs/git/repository_test.go | 12 ++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/libs/git/repository.go b/libs/git/repository.go index 86d56a7fcf..400f5b8786 100644 --- a/libs/git/repository.go +++ b/libs/git/repository.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "io/fs" + "net/url" "path" "path/filepath" "strings" @@ -100,7 +101,18 @@ func (r *Repository) LatestCommit() (string, error) { // return origin url if it's defined, otherwise an empty string func (r *Repository) OriginUrl() string { - return r.config.variables["remote.origin.url"] + rawUrl := r.config.variables["remote.origin.url"] + + // Remove username and credentials from the URL. + parsedUrl, err := url.Parse(rawUrl) + if err != nil { + return "" + } + // Setting User to nil removes the username and password from the URL when + // .String() is called. + // See: https://pkg.go.dev/net/url#URL.String + parsedUrl.User = nil + return parsedUrl.String() } // loadConfig loads and combines user specific and repository specific configuration files. diff --git a/libs/git/repository_test.go b/libs/git/repository_test.go index 7ddc7ea792..17d93bad56 100644 --- a/libs/git/repository_test.go +++ b/libs/git/repository_test.go @@ -207,3 +207,15 @@ func TestRepositoryGitConfigWhenNotARepo(t *testing.T) { originUrl := repo.OriginUrl() assert.Equal(t, "", originUrl) } + +func TestRepositoryOriginUrlRemovesUserCreds(t *testing.T) { + r := Repository{ + config: &config{ + variables: map[string]string{ + "remote.origin.url": "https://username:token@github.com/databricks/foobar.git", + }, + }, + } + + assert.Equal(t, "https://github.com/databricks/foobar.git", r.OriginUrl()) +} From ac481bc5fbb12b5f78dd1525334226b458683e58 Mon Sep 17 00:00:00 2001 From: Shreyas Goenka Date: Fri, 14 Jun 2024 11:59:29 +0200 Subject: [PATCH 2/3] - --- libs/git/repository.go | 8 ++++++-- libs/git/repository_test.go | 12 +++--------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/libs/git/repository.go b/libs/git/repository.go index 400f5b8786..d541973c7e 100644 --- a/libs/git/repository.go +++ b/libs/git/repository.go @@ -103,10 +103,14 @@ func (r *Repository) LatestCommit() (string, error) { func (r *Repository) OriginUrl() string { rawUrl := r.config.variables["remote.origin.url"] - // Remove username and credentials from the URL. + // Remove username and passwork from the URL. parsedUrl, err := url.Parse(rawUrl) if err != nil { - return "" + // Git supports https URLs and non standard URLs like "ssh://" or "file://". + // Parsing these URLs is not supported by the Go standard library. In case + // of an error, we return the raw URL. This is okay because for ssh URLs + // because passwords cannot be included in the URL. + return rawUrl } // Setting User to nil removes the username and password from the URL when // .String() is called. diff --git a/libs/git/repository_test.go b/libs/git/repository_test.go index 17d93bad56..a28038eebd 100644 --- a/libs/git/repository_test.go +++ b/libs/git/repository_test.go @@ -209,13 +209,7 @@ func TestRepositoryGitConfigWhenNotARepo(t *testing.T) { } func TestRepositoryOriginUrlRemovesUserCreds(t *testing.T) { - r := Repository{ - config: &config{ - variables: map[string]string{ - "remote.origin.url": "https://username:token@github.com/databricks/foobar.git", - }, - }, - } - - assert.Equal(t, "https://github.com/databricks/foobar.git", r.OriginUrl()) + repo := newTestRepository(t) + repo.addOriginUrl("https://username:token@github.com/databricks/foobar.git") + repo.assertOriginUrl("https://github.com/databricks/foobar.git") } From 57b76f0c8de1c821233c93d3b2129f90eb04a0b9 Mon Sep 17 00:00:00 2001 From: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com> Date: Mon, 17 Jun 2024 15:14:39 +0530 Subject: [PATCH 3/3] Update libs/git/repository.go Co-authored-by: Pieter Noordhuis --- libs/git/repository.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/git/repository.go b/libs/git/repository.go index d541973c7e..6940ddac83 100644 --- a/libs/git/repository.go +++ b/libs/git/repository.go @@ -103,7 +103,7 @@ func (r *Repository) LatestCommit() (string, error) { func (r *Repository) OriginUrl() string { rawUrl := r.config.variables["remote.origin.url"] - // Remove username and passwork from the URL. + // Remove username and password from the URL. parsedUrl, err := url.Parse(rawUrl) if err != nil { // Git supports https URLs and non standard URLs like "ssh://" or "file://".