Skip to content

Commit

Permalink
Merge pull request #348 from macedogm/sshkey-redact
Browse files Browse the repository at this point in the history
Redact SSH key from URL query parameter
  • Loading branch information
schmichael authored Jan 3, 2022
2 parents 23702d0 + 17af21e commit f5cbbb4
Show file tree
Hide file tree
Showing 3 changed files with 33 additions and 4 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
cmd/go-getter/go-getter
10 changes: 8 additions & 2 deletions url.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,23 @@ package getter
import "net/url"

// RedactURL is a port of url.Redacted from the standard library,
// which is like url.String but replaces any password with "xxxxx".
// which is like url.String but replaces any password with "redacted".
// Only the password in u.URL is redacted. This allows the library
// to maintain compatibility with go1.14.
// This port was also extended to redact SSH key from URL query parameter.
func RedactURL(u *url.URL) string {
if u == nil {
return ""
}

ru := *u
if _, has := ru.User.Password(); has {
ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
ru.User = url.UserPassword(ru.User.Username(), "redacted")
}
q := ru.Query()
if q.Get("sshkey") != "" {
q.Set("sshkey", "redacted")
ru.RawQuery = q.Encode()
}
return ru.String()
}
26 changes: 24 additions & 2 deletions url_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ func TestRedactURL(t *testing.T) {
Path: "this:that",
User: url.UserPassword("user", "password"),
},
want: "http://user:xxxxx@host.tld/this:that",
want: "http://user:redacted@host.tld/this:that",
},
{
name: "blank Password",
Expand All @@ -39,7 +39,7 @@ func TestRedactURL(t *testing.T) {
Path: "this:that",
User: url.UserPassword("", "password"),
},
want: "http://:xxxxx@host.tld/this:that",
want: "http://:redacted@host.tld/this:that",
},
{
name: "blank Username, blank Password",
Expand All @@ -60,6 +60,28 @@ func TestRedactURL(t *testing.T) {
url: nil,
want: "",
},
{
name: "non-blank SSH key in URL query parameter",
url: &url.URL{
Scheme: "ssh",
User: url.User("git"),
Host: "github.com",
Path: "hashicorp/go-getter-test-private.git",
RawQuery: "sshkey=LS0tLS1CRUdJTiBPUE",
},
want: "ssh://git@github.com/hashicorp/go-getter-test-private.git?sshkey=redacted",
},
{
name: "blank SSH key in URL query parameter",
url: &url.URL{
Scheme: "ssh",
User: url.User("git"),
Host: "github.com",
Path: "hashicorp/go-getter-test-private.git",
RawQuery: "sshkey=",
},
want: "ssh://git@github.com/hashicorp/go-getter-test-private.git?sshkey=",
},
}

for _, tt := range cases {
Expand Down

0 comments on commit f5cbbb4

Please sign in to comment.