Sanitize logs for mirror sync (#3057)
This commit is contained in:
		
							parent
							
								
									3163abedd6
								
							
						
					
					
						commit
						a0964775ab
					
				
					 2 changed files with 46 additions and 8 deletions
				
			
		|  | @ -605,9 +605,14 @@ func (repo *Repository) RepoPath() string { | ||||||
| 	return repo.repoPath(x) | 	return repo.repoPath(x) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | // GitConfigPath returns the path to a repository's git config/ directory | ||||||
|  | func GitConfigPath(repoPath string) string { | ||||||
|  | 	return filepath.Join(repoPath, "config") | ||||||
|  | } | ||||||
|  | 
 | ||||||
| // GitConfigPath returns the repository git config path | // GitConfigPath returns the repository git config path | ||||||
| func (repo *Repository) GitConfigPath() string { | func (repo *Repository) GitConfigPath() string { | ||||||
| 	return filepath.Join(repo.RepoPath(), "config") | 	return GitConfigPath(repo.RepoPath()) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // RelLink returns the repository relative link | // RelLink returns the repository relative link | ||||||
|  |  | ||||||
|  | @ -76,17 +76,23 @@ func (m *Mirror) ScheduleNextUpdate() { | ||||||
| 	m.NextUpdate = time.Now().Add(m.Interval) | 	m.NextUpdate = time.Now().Add(m.Interval) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | func remoteAddress(repoPath string) (string, error) { | ||||||
|  | 	cfg, err := ini.Load(GitConfigPath(repoPath)) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return "", err | ||||||
|  | 	} | ||||||
|  | 	return cfg.Section("remote \"origin\"").Key("url").Value(), nil | ||||||
|  | } | ||||||
|  | 
 | ||||||
| func (m *Mirror) readAddress() { | func (m *Mirror) readAddress() { | ||||||
| 	if len(m.address) > 0 { | 	if len(m.address) > 0 { | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 	var err error | ||||||
| 	cfg, err := ini.Load(m.Repo.GitConfigPath()) | 	m.address, err = remoteAddress(m.Repo.RepoPath()) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(4, "Load: %v", err) | 		log.Error(4, "remoteAddress: %v", err) | ||||||
| 		return |  | ||||||
| 	} | 	} | ||||||
| 	m.address = cfg.Section("remote \"origin\"").Key("url").Value() |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // HandleCloneUserCredentials replaces user credentials from HTTP/HTTPS URL | // HandleCloneUserCredentials replaces user credentials from HTTP/HTTPS URL | ||||||
|  | @ -107,6 +113,19 @@ func HandleCloneUserCredentials(url string, mosaics bool) string { | ||||||
| 	return url[:start+3] + url[i+1:] | 	return url[:start+3] + url[i+1:] | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | // sanitizeOutput sanitizes output of a command, replacing occurrences of the | ||||||
|  | // repository's remote address with a sanitized version. | ||||||
|  | func sanitizeOutput(output, repoPath string) (string, error) { | ||||||
|  | 	remoteAddr, err := remoteAddress(repoPath) | ||||||
|  | 	if err != nil { | ||||||
|  | 		// if we're unable to load the remote address, then we're unable to | ||||||
|  | 		// sanitize. | ||||||
|  | 		return "", err | ||||||
|  | 	} | ||||||
|  | 	sanitized := HandleCloneUserCredentials(remoteAddr, true) | ||||||
|  | 	return strings.Replace(output, remoteAddr, sanitized, -1), nil | ||||||
|  | } | ||||||
|  | 
 | ||||||
| // Address returns mirror address from Git repository config without credentials. | // Address returns mirror address from Git repository config without credentials. | ||||||
| func (m *Mirror) Address() string { | func (m *Mirror) Address() string { | ||||||
| 	m.readAddress() | 	m.readAddress() | ||||||
|  | @ -145,7 +164,14 @@ func (m *Mirror) runSync() bool { | ||||||
| 	if _, stderr, err := process.GetManager().ExecDir( | 	if _, stderr, err := process.GetManager().ExecDir( | ||||||
| 		timeout, repoPath, fmt.Sprintf("Mirror.runSync: %s", repoPath), | 		timeout, repoPath, fmt.Sprintf("Mirror.runSync: %s", repoPath), | ||||||
| 		"git", gitArgs...); err != nil { | 		"git", gitArgs...); err != nil { | ||||||
| 		desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, stderr) | 		// sanitize the output, since it may contain the remote address, which may | ||||||
|  | 		// contain a password | ||||||
|  | 		message, err := sanitizeOutput(stderr, repoPath) | ||||||
|  | 		if err != nil { | ||||||
|  | 			log.Error(4, "sanitizeOutput: %v", err) | ||||||
|  | 			return false | ||||||
|  | 		} | ||||||
|  | 		desc := fmt.Sprintf("Failed to update mirror repository '%s': %s", repoPath, message) | ||||||
| 		log.Error(4, desc) | 		log.Error(4, desc) | ||||||
| 		if err = CreateRepositoryNotice(desc); err != nil { | 		if err = CreateRepositoryNotice(desc); err != nil { | ||||||
| 			log.Error(4, "CreateRepositoryNotice: %v", err) | 			log.Error(4, "CreateRepositoryNotice: %v", err) | ||||||
|  | @ -170,7 +196,14 @@ func (m *Mirror) runSync() bool { | ||||||
| 		if _, stderr, err := process.GetManager().ExecDir( | 		if _, stderr, err := process.GetManager().ExecDir( | ||||||
| 			timeout, wikiPath, fmt.Sprintf("Mirror.runSync: %s", wikiPath), | 			timeout, wikiPath, fmt.Sprintf("Mirror.runSync: %s", wikiPath), | ||||||
| 			"git", "remote", "update", "--prune"); err != nil { | 			"git", "remote", "update", "--prune"); err != nil { | ||||||
| 			desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, stderr) | 			// sanitize the output, since it may contain the remote address, which may | ||||||
|  | 			// contain a password | ||||||
|  | 			message, err := sanitizeOutput(stderr, wikiPath) | ||||||
|  | 			if err != nil { | ||||||
|  | 				log.Error(4, "sanitizeOutput: %v", err) | ||||||
|  | 				return false | ||||||
|  | 			} | ||||||
|  | 			desc := fmt.Sprintf("Failed to update mirror wiki repository '%s': %s", wikiPath, message) | ||||||
| 			log.Error(4, desc) | 			log.Error(4, desc) | ||||||
| 			if err = CreateRepositoryNotice(desc); err != nil { | 			if err = CreateRepositoryNotice(desc); err != nil { | ||||||
| 				log.Error(4, "CreateRepositoryNotice: %v", err) | 				log.Error(4, "CreateRepositoryNotice: %v", err) | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		
		Reference in a new issue
	
	 Ethan Koenig
						Ethan Koenig