From 00602751ec6d6465d19414c2042c756017004b90 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Thu, 24 Oct 2019 12:17:25 +0200
Subject: [PATCH] Add `SafeURL` helper method to `GitRemoteConfig`

During the development of the (secure) Git HTTPS credential feature, I did not take the response of the `GitRepoConfig` API method into account. As a direct result, the `fluxctl sync` command still exposes the full Git URL in the logs. This commit adds (and implements) a helper method `SafeURL` to `GitRemoteConfig`, which makes it possible to print the URL without leaking any sensitive data.
---
 cmd/fluxctl/sync_cmd.go | 4 ++--
 pkg/api/v6/api.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/cmd/fluxctl/sync_cmd.go b/cmd/fluxctl/sync_cmd.go
index c3d3880f65..f01e6368b2 100644
--- a/cmd/fluxctl/sync_cmd.go
+++ b/cmd/fluxctl/sync_cmd.go
@@ -46,10 +46,10 @@ func (opts *syncOpts) RunE(cmd *cobra.Command, args []string) error {
 case git.RepoReady:
 break
 default:
- return fmt.Errorf("git repository %s is not ready to sync (status: %s)", gitConfig.Remote.URL, string(gitConfig.Status))
+ return fmt.Errorf("git repository %s is not ready to sync (status: %s)", gitConfig.Remote.SafeURL(), string(gitConfig.Status))
 }
 
- fmt.Fprintf(cmd.OutOrStderr(), "Synchronizing with %s\n", gitConfig.Remote.URL)
+ fmt.Fprintf(cmd.OutOrStderr(), "Synchronizing with %s\n", gitConfig.Remote.SafeURL())
 
 updateSpec := update.Spec{
 Type: update.Sync,
diff --git a/pkg/api/v6/api.go b/pkg/api/v6/api.go
index bf4662bf47..9141f9ee54 100644
--- a/pkg/api/v6/api.go
+++ b/pkg/api/v6/api.go
@@ -2,6 +2,10 @@ package v6
 
 import (
 "context"
+ "fmt"
+ "net/url"
+
+ giturls "github.com/whilp/git-urls"
 
 "github.com/fluxcd/flux/pkg/cluster"
 "github.com/fluxcd/flux/pkg/git"
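Review bot: In cmd/fluxctl/sync_cmd.go the redaction is applied only at the two print sites in `RunE`, so `gitConfig.Remote.URL` itself still holds whatever credentials the URL embeds, and any later log or error line that formats the field directly would expose them again. Where `gitConfig` comes from is outside the hunk; if it is the `GitRepoConfig` API response the description refers to, the credential-bearing URL also still reaches every API client, and stripping it where the response is built would be the stronger fix. At minimum a comment above the `fmt.Fprintf` call would record the rule: `// Remote.URL may embed HTTPS credentials; format it only via SafeURL().` `RunE` starts and ends outside the hunk.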
@@ -54,6 +58,17 @@ type GitRemoteConfig struct {
 Path string `json:"path"`
 }
 
+func (c GitRemoteConfig) SafeURL() string {
+ u, err := giturls.Parse(c.URL)
+ if err != nil {
+ return fmt.Sprintf("", c.URL)
+ }
+ if u.User != nil {
+ u.User = url.User(u.User.Username())
+ }
+ return u.String()
+}
+
 type GitConfig struct {
 Remote GitRemoteConfig `json:"remote"`
 PublicSSHKey ssh.PublicKey `json:"publicSSHKey"`
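Review bot: The error branch of `SafeURL` in pkg/api/v6/api.go still hands the raw `c.URL` to `fmt.Sprintf`, so a URL that `giturls.Parse` rejects is returned with its credentials intact; as printed on this page the format string is also empty, which makes `fmt` append the argument as an `%!(EXTRA ...)` suffix (the original literal may have been lost in rendering). Returning a fixed placeholder closes that path, `return "<unparseable git URL>"`, and `err` should not be substituted without checking, because parse errors commonly quote their input. The success path keeps `u.User.Username()`, and some Git hosts accept an access token in the username position, so the result can still carry a secret. The exported method also has no doc comment; one such as `// SafeURL returns the remote URL with any password removed; the username is kept.` would make that limit visible to callers.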