You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

51 lines
1.5 KiB

  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package util
  5. import (
  6. "net/url"
  7. "strings"
  8. "code.gitea.io/gitea/modules/log"
  9. )
  10. // urlSafeError wraps an error whose message may contain a sensitive URL
  11. type urlSafeError struct {
  12. err error
  13. unsanitizedURL string
  14. }
  15. func (err urlSafeError) Error() string {
  16. return SanitizeMessage(err.err.Error(), err.unsanitizedURL)
  17. }
  18. // URLSanitizedError returns the sanitized version an error whose message may
  19. // contain a sensitive URL
  20. func URLSanitizedError(err error, unsanitizedURL string) error {
  21. return urlSafeError{err: err, unsanitizedURL: unsanitizedURL}
  22. }
  23. // SanitizeMessage sanitizes a message which may contains a sensitive URL
  24. func SanitizeMessage(message, unsanitizedURL string) string {
  25. sanitizedURL := SanitizeURLCredentials(unsanitizedURL, true)
  26. return strings.Replace(message, unsanitizedURL, sanitizedURL, -1)
  27. }
  28. // SanitizeURLCredentials sanitizes a url, either removing user credentials
  29. // or replacing them with a placeholder.
  30. func SanitizeURLCredentials(unsanitizedURL string, usePlaceholder bool) string {
  31. u, err := url.Parse(unsanitizedURL)
  32. if err != nil {
  33. log.Error("parse url %s failed: %v", unsanitizedURL, err)
  34. // don't log the error, since it might contain unsanitized URL.
  35. return "(unparsable url)"
  36. }
  37. if u.User != nil && usePlaceholder {
  38. u.User = url.User("<credentials>")
  39. } else {
  40. u.User = nil
  41. }
  42. return u.String()
  43. }