mirror of https://github.com/go-gitea/gitea.git synced 2026-05-13 08:55:40 +02:00

Fix #37564: Rename to StripUrl

pandareen 2026-05-08 11:09:18 +05:30
parent 8c94ee876c
commit 4646e0bc3f
3 changed files with 14 additions and 16 deletions


@ -27,22 +27,20 @@ func SanitizeURL(s string) (string, error) {
return u.String(), nil return u.String(), nil
} }
// SanitizeURLForLog returns a redacted form of a URL safe to include in // StripUrl returns the scheme, host, and path portions of s with userinfo,
// log lines. It strips userinfo (e.g. https://user:pass@…), the query // query string, and fragment removed. Intended for logging URLs whose
// string (which may contain signed-URL credentials such as AWS S3 / GCS / // userinfo or query string may carry credentials (e.g. https://user:pass@…
// Cloudinary signatures), and the fragment, leaving only scheme+host+path. // or signed S3/GCS/Cloudinary URLs whose signatures live in the query
// On a parse failure the placeholder "<unparseable url>" is returned to // string). Returns "<unparseable url>" if s cannot be parsed.
// avoid leaking the raw URL into logs.
// //
// Unlike SanitizeURL this is intended exclusively for logging: callers // Unlike SanitizeURL (which only strips userinfo and is used by callers
// that still need to USE the URL (mirroring, indexing, migrations, etc.) // such as mirroring/indexing/migrations that still need the query string
// should keep using SanitizeURL because they need the query string // to actually use the URL), StripUrl is for logging only.
// preserved. func StripUrl(s string) string {
func SanitizeURLForLog(s string) string {
u, err := url.Parse(s) u, err := url.Parse(s)
if err != nil { if err != nil {
return "<unparseable url>" return "<unparseable url>"
} }
redacted := url.URL{Scheme: u.Scheme, Host: u.Host, Path: u.Path} stripped := url.URL{Scheme: u.Scheme, Host: u.Host, Path: u.Path}
return redacted.String() return stripped.String()
} }
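Review bot: The new doc comment presents StripUrl as the form to use when logging URLs that may carry credentials, but the body copies `u.Path` through unchanged, so a URL that embeds its secret in a path segment would still be logged in full. I would state that limit in the comment, e.g. `// The path is kept verbatim; secrets embedded in path segments are not redacted.` The old comment's reason for the placeholder ("to avoid leaking the raw URL into logs") was dropped in the rewrite and is worth keeping, since it explains why the parse error is not returned to the caller. On style, `StripUrl` breaks the initialism casing used by `SanitizeURL` in the same file; `StripURL` would match, and the same applies to the test name and the call site in the other two files.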


@ -9,7 +9,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
func TestSanitizeURLForLog(t *testing.T) { func TestStripUrl(t *testing.T) {
cases := []struct { cases := []struct {
name string name string
in string in string
@ -54,7 +54,7 @@ func TestSanitizeURLForLog(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.name, func(t *testing.T) { t.Run(c.name, func(t *testing.T) {
assert.Equal(t, c.want, SanitizeURLForLog(c.in)) assert.Equal(t, c.want, StripUrl(c.in))
}) })
} }
} }


@ -308,7 +308,7 @@ func oauth2UpdateAvatarIfNeed(ctx *context.Context, rawURL string, u *user_model
} }
// Compute a redacted URL for log lines BEFORE issuing the request, so we // Compute a redacted URL for log lines BEFORE issuing the request, so we
// never accidentally log signed-URL query parameters or userinfo. // never accidentally log signed-URL query parameters or userinfo.
logURL := util.SanitizeURLForLog(rawURL) logURL := util.StripUrl(rawURL)
// Bind the outbound fetch to the inbound request context so the download // Bind the outbound fetch to the inbound request context so the download
// is cancelled if the user navigates away / aborts login, and so any // is cancelled if the user navigates away / aborts login, and so any