mirror of https://github.com/docker/buildx.git
build: strip credentials from remote url on collecting Git provenance info
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
f2ac30f431
commit
15eb6418e8
|
@ -3,6 +3,7 @@ package gitutil
|
|||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
@ -70,11 +71,11 @@ func (c *Git) RootDir() (string, error) {
|
|||
func (c *Git) RemoteURL() (string, error) {
|
||||
// Try to get the remote URL from the origin remote first
|
||||
if ru, err := c.clean(c.run("remote", "get-url", "origin")); err == nil && ru != "" {
|
||||
return ru, nil
|
||||
return stripCredentials(ru), nil
|
||||
}
|
||||
// If that fails, try to get the remote URL from the upstream remote
|
||||
if ru, err := c.clean(c.run("remote", "get-url", "upstream")); err == nil && ru != "" {
|
||||
return ru, nil
|
||||
return stripCredentials(ru), nil
|
||||
}
|
||||
return "", errors.New("no remote URL found for either origin or upstream")
|
||||
}
|
||||
|
@ -147,3 +148,16 @@ func IsUnknownRevision(err error) bool {
|
|||
errMsg := strings.ToLower(err.Error())
|
||||
return strings.Contains(errMsg, "unknown revision or path not in the working tree") || strings.Contains(errMsg, "bad revision")
|
||||
}
|
||||
|
||||
// stripCredentials takes a URL and strips username and password from it.
|
||||
// e.g. "https://user:password@host.tld/path.git" will be changed to
|
||||
// "https://host.tld/path.git".
|
||||
// TODO: remove this function once fix from BuildKit is vendored here
|
||||
func stripCredentials(s string) string {
|
||||
ru, err := url.Parse(s)
|
||||
if err != nil {
|
||||
return s // string is not a URL, just return it
|
||||
}
|
||||
ru.User = nil
|
||||
return ru.String()
|
||||
}
|
||||
|
|
|
@ -189,3 +189,45 @@ func TestGitRemoteURL(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestStripCredentials(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
url string
|
||||
want string
|
||||
}{
|
||||
{
|
||||
name: "non-blank Password",
|
||||
url: "https://user:password@host.tld/this:that",
|
||||
want: "https://host.tld/this:that",
|
||||
},
|
||||
{
|
||||
name: "blank Password",
|
||||
url: "https://user@host.tld/this:that",
|
||||
want: "https://host.tld/this:that",
|
||||
},
|
||||
{
|
||||
name: "blank Username",
|
||||
url: "https://:password@host.tld/this:that",
|
||||
want: "https://host.tld/this:that",
|
||||
},
|
||||
{
|
||||
name: "blank Username, blank Password",
|
||||
url: "https://host.tld/this:that",
|
||||
want: "https://host.tld/this:that",
|
||||
},
|
||||
{
|
||||
name: "invalid URL",
|
||||
url: "1https://foo.com",
|
||||
want: "1https://foo.com",
|
||||
},
|
||||
}
|
||||
for _, tt := range cases {
|
||||
tt := tt
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if g, w := stripCredentials(tt.url), tt.want; g != w {
|
||||
t.Fatalf("got: %q\nwant: %q", g, w)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue