Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize logs for mirror sync (#3057, #3082) #3078

Merged
merged 4 commits into from
Dec 8, 2017
Merged

Sanitize logs for mirror sync (#3057, #3082) #3078

merged 4 commits into from
Dec 8, 2017

Conversation

ethantkoenig
Copy link
Member

@ethantkoenig ethantkoenig commented Dec 3, 2017
edited
Loading

Backport of #3057 and #3082.

@lafriks
Copy link
Member

lafriks commented Dec 3, 2017

LGTM

@tboerger tboerger added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Dec 3, 2017
bkcsoft
bkcsoft suggested changes Dec 3, 2017
View reviewed changes
models/repo.go
// GitConfigPath returns the repository git config path
func (repo *Repository) GitConfigPath() string {
return filepath.Join(repo.RepoPath(), "config")
return GitConfigPath(repo.RepoPath())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just moved the logic to a helper function (GitConfigPath) so that it can be reused.

models/repo_mirror.go
@@ -76,17 +76,23 @@ func (m *Mirror) ScheduleNextUpdate() {
m.NextUpdate = time.Now().Add(m.Interval)
}

func remoteAddress(repoPath string) (string, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(not required change) This function should be moved to go-gitea/git at some point...

But, have it run git remote get-url origin instead of reading the config...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Esp. since the config-file is not INI-format... If we wanna do this in pure-go we should consider using this: https://github.com/tcnksm/go-gitconfig

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that parsing .git/config with a INI-parser is not ideal, but let's address it in a separate PR, so as to not block this backport.

models/repo_mirror.go Outdated
}
m.address = cfg.Section("remote \"origin\"").Key("url").Value()
}

// HandleCloneUserCredentials replaces user credentials from HTTP/HTTPS URL
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we call this SanitizeUserCredentials instead? 😕

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This entire function should be rewritten to use url.Parse and do url.User = nil instead 🙄

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in #3082, which I've included in this backport.

@ethantkoenig
Copy link
Member Author

@bkcsoft Valid points; I'll open up a separate PR to address them, since this a backport.

@ethantkoenig ethantkoenig mentioned this pull request Dec 3, 2017
Merged
@lafriks lafriks added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Dec 3, 2017
@lafriks lafriks added this to the 1.3.1 milestone Dec 3, 2017
@ethantkoenig ethantkoenig changed the title Sanitize logs for mirror sync Sanitize logs for mirror sync (#3057, #3082) Dec 4, 2017
@lunny
Copy link
Member

lunny commented Dec 8, 2017
edited
Loading

@bkcsoft could you review this again so that we may release v1.3.1 next week.

@bkcsoft
Copy link
Member

bkcsoft commented Dec 8, 2017

LGTM

@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 8, 2017
@lafriks
Copy link
Member

lafriks commented Dec 8, 2017

Make LG-TM work

@lafriks lafriks merged commit ec6718e into go-gitea:release/v1.3 Dec 8, 2017
@ethantkoenig ethantkoenig deleted the backport/mirror_logs branch December 17, 2017 22:47
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bkcsoft bkcsoft bkcsoft approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.3.1
Development

Successfully merging this pull request may close these issues.
5 participants
@ethantkoenig @lafriks @lunny @bkcsoft @tboerger