filter sensitive info from URLs according to the new specs

DataDog · Nov 10, 2023 · 478ce78 · 478ce78
1 parent 5b021fc
commit 478ce78
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 16 deletions.
diff --git a/lib/datadog/ci/ext/environment/extractor.rb b/lib/datadog/ci/ext/environment/extractor.rb
@@ -2,6 +2,7 @@
 
 require_relative "../git"
 require_relative "../../utils/git"
+require_relative "../../utils/url"
 require_relative "providers"
 
 module Datadog
@@ -68,14 +69,14 @@ def tags
 
           def normalize_git!
             branch_ref = @tags[Git::TAG_BRANCH]
-            if Datadog::CI::Utils::Git.is_git_tag?(branch_ref)
+            if Utils::Git.is_git_tag?(branch_ref)
               @tags[Git::TAG_TAG] = branch_ref
               @tags.delete(Git::TAG_BRANCH)
             end
 
-            @tags[Git::TAG_TAG] = Datadog::CI::Utils::Git.normalize_ref(@tags[Git::TAG_TAG])
-            @tags[Git::TAG_BRANCH] = Datadog::CI::Utils::Git.normalize_ref(@tags[Git::TAG_BRANCH])
-            @tags[Git::TAG_REPOSITORY_URL] = filter_sensitive_info(
+            @tags[Git::TAG_TAG] = Utils::Git.normalize_ref(@tags[Git::TAG_TAG])
+            @tags[Git::TAG_BRANCH] = Utils::Git.normalize_ref(@tags[Git::TAG_BRANCH])
+            @tags[Git::TAG_REPOSITORY_URL] = Utils::Url.filter_sensitive_info(
               @tags[Git::TAG_REPOSITORY_URL]
             )
           end
@@ -87,12 +88,6 @@ def expand_workspace!
               @tags[TAG_WORKSPACE_PATH] = File.expand_path(workspace_path)
             end
           end
-
-          def filter_sensitive_info(url)
-            return nil if url.nil?
-
-            url.gsub(%r{(https?://)[^/]*@}, '\1')
-          end
         end
       end
     end

diff --git a/lib/datadog/ci/ext/environment/providers/github_actions.rb b/lib/datadog/ci/ext/environment/providers/github_actions.rb
@@ -3,6 +3,7 @@
 require "json"
 
 require_relative "base"
+require_relative "../../../utils/url"
 
 module Datadog
   module CI
@@ -25,7 +26,7 @@ def job_name
             end
 
             def job_url
-              "#{env["GITHUB_SERVER_URL"]}/#{env["GITHUB_REPOSITORY"]}/commit/#{env["GITHUB_SHA"]}/checks"
+              "#{github_server_url}/#{env["GITHUB_REPOSITORY"]}/commit/#{env["GITHUB_SHA"]}/checks"
             end
 
             def pipeline_id
@@ -41,7 +42,7 @@ def pipeline_number
             end
 
             def pipeline_url
-              res = "#{env["GITHUB_SERVER_URL"]}/#{env["GITHUB_REPOSITORY"]}/actions/runs/#{env["GITHUB_RUN_ID"]}"
+              res = "#{github_server_url}/#{env["GITHUB_REPOSITORY"]}/actions/runs/#{env["GITHUB_RUN_ID"]}"
               res = "#{res}/attempts/#{env["GITHUB_RUN_ATTEMPT"]}" if env["GITHUB_RUN_ATTEMPT"]
               res
             end
@@ -51,7 +52,7 @@ def workspace_path
             end
 
             def git_repository_url
-              "#{env["GITHUB_SERVER_URL"]}/#{env["GITHUB_REPOSITORY"]}.git"
+              "#{github_server_url}/#{env["GITHUB_REPOSITORY"]}.git"
             end
 
             def git_commit_sha
@@ -66,12 +67,20 @@ def git_branch_or_tag
 
             def ci_env_vars
               {
-                "GITHUB_SERVER_URL" => env["GITHUB_SERVER_URL"],
+                "GITHUB_SERVER_URL" => github_server_url,
                 "GITHUB_REPOSITORY" => env["GITHUB_REPOSITORY"],
                 "GITHUB_RUN_ID" => env["GITHUB_RUN_ID"],
                 "GITHUB_RUN_ATTEMPT" => env["GITHUB_RUN_ATTEMPT"]
               }.reject { |_, v| v.nil? }.to_json
             end
+
+            private
+
+            def github_server_url
+              return @github_server_url if defined?(@github_server_url)
+
+              @github_server_url ||= Utils::Url.filter_sensitive_info(env["GITHUB_SERVER_URL"])
+            end
           end
         end
       end

diff --git a/lib/datadog/ci/utils/url.rb b/lib/datadog/ci/utils/url.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Datadog
+  module CI
+    module Utils
+      module Url
+        def self.filter_sensitive_info(url)
+          return nil if url.nil?
+
+          url.gsub(%r{((https?|ssh)://)[^/]*@}, '\1')
+        end
+      end
+    end
+  end
+end
diff --git a/sig/datadog/ci/ext/environment/extractor.rbs b/sig/datadog/ci/ext/environment/extractor.rbs
@@ -18,8 +18,6 @@ module Datadog
           def normalize_git!: () -> void
 
           def expand_workspace!: () -> void
-
-          def filter_sensitive_info: (String? url) -> String?
         end
       end
     end

diff --git a/sig/datadog/ci/ext/environment/providers/github_actions.rbs b/sig/datadog/ci/ext/environment/providers/github_actions.rbs
@@ -5,6 +5,7 @@ module Datadog
         module Providers
           class GithubActions < Extractor
             @ref: String
+            @github_server_url: String?
 
             def provider_name: () -> "github"
 
@@ -29,6 +30,10 @@ module Datadog
             def git_branch_or_tag: () -> String?
 
             def ci_env_vars: () -> String?
+
+            private
+
+            def github_server_url: () -> String?
           end
         end
       end

diff --git a/sig/datadog/ci/utils/url.rbs b/sig/datadog/ci/utils/url.rbs
@@ -0,0 +1,9 @@
+module Datadog
+  module CI
+    module Utils
+      module Url
+        def self.filter_sensitive_info: (String? url) -> String?
+      end
+    end
+  end
+end
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,8 +18,6 @@ module Datadog @@
               def normalize_git!: () -> void
               def expand_workspace!: () -> void
-              def filter_sensitive_info: (String? url) -> String?
             end
           end
         end
@@ Expand Down @@