kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Masking credentials from proxy URL

Browse source 
Signed-off-by: Dani Louca <dani.louca@docker.com>
This commit is contained in:
Dani Louca 2018-09-26 22:43:26 -04:00
parent 87e7930892
commit 78fd978454
3 changed files with 72 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/swagger.yaml
View file

@ -3761,18 +3761,22 @@ definitions:
description: | description: |
HTTP-proxy configured for the daemon. This value is obtained from the HTTP-proxy configured for the daemon. This value is obtained from the
[`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable. [`HTTP_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
are masked in the API response.
Containers do not automatically inherit this configuration. Containers do not automatically inherit this configuration.
type: "string" type: "string"
example: "http://user:pass@proxy.corp.example.com:8080" example: "http://xxxxx:xxxxx@proxy.corp.example.com:8080"
HttpsProxy: HttpsProxy:
description: | description: |
HTTPS-proxy configured for the daemon. This value is obtained from the HTTPS-proxy configured for the daemon. This value is obtained from the
[`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable. [`HTTPS_PROXY`](https://www.gnu.org/software/wget/manual/html_node/Proxies.html) environment variable.
Credentials ([user info component](https://tools.ietf.org/html/rfc3986#section-3.2.1)) in the proxy URL
are masked in the API response.
Containers do not automatically inherit this configuration. Containers do not automatically inherit this configuration.
type: "string" type: "string"
example: "https://user:pass@proxy.corp.example.com:4443" example: "https://xxxxx:xxxxx@proxy.corp.example.com:4443"
NoProxy: NoProxy:
description: | description: |
Comma-separated list of domain extensions for which no proxy should be Comma-separated list of domain extensions for which no proxy should be

15
daemon/info.go
View file

@ -2,6 +2,7 @@ package daemon // import "github.com/docker/docker/daemon"
import ( import (
"fmt" "fmt"
"net/url"
"os" "os"
"runtime" "runtime"
"strings" "strings"
@ -61,8 +62,8 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
ServerVersion: dockerversion.Version, ServerVersion: dockerversion.Version,
ClusterStore: daemon.configStore.ClusterStore, ClusterStore: daemon.configStore.ClusterStore,
ClusterAdvertise: daemon.configStore.ClusterAdvertise, ClusterAdvertise: daemon.configStore.ClusterAdvertise,
HTTPProxy: sockets.GetProxyEnv("http_proxy"), HTTPProxy: maskCredentials(sockets.GetProxyEnv("http_proxy")),
HTTPSProxy: sockets.GetProxyEnv("https_proxy"), HTTPSProxy: maskCredentials(sockets.GetProxyEnv("https_proxy")),
NoProxy: sockets.GetProxyEnv("no_proxy"), NoProxy: sockets.GetProxyEnv("no_proxy"),
LiveRestoreEnabled: daemon.configStore.LiveRestoreEnabled, LiveRestoreEnabled: daemon.configStore.LiveRestoreEnabled,
Isolation: daemon.defaultIsolation, Isolation: daemon.defaultIsolation,
@ -245,3 +246,13 @@ func operatingSystem() string {
} }
return operatingSystem return operatingSystem
} }
func maskCredentials(rawURL string) string {
parsedURL, err := url.Parse(rawURL)
if err != nil || parsedURL.User == nil {
return rawURL
}
parsedURL.User = url.UserPassword("xxxxx", "xxxxx")
maskedURL := parsedURL.String()
return maskedURL
}

53
daemon/info_test.go Normal file
View file

@ -0,0 +1,53 @@
package daemon
import (
"testing"
"gotest.tools/assert"
)
func TestMaskURLCredentials(t *testing.T) {
tests := []struct {
rawURL string
maskedURL string
}{
{
rawURL: "",
maskedURL: "",
}, {
rawURL: "invalidURL",
maskedURL: "invalidURL",
}, {
rawURL: "http://proxy.example.com:80/",
maskedURL: "http://proxy.example.com:80/",
}, {
rawURL: "http://USER:PASSWORD@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://PASSWORD:PASSWORD@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://USER:@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://:PASSWORD@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://USER@docker:password@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://USER%40docker:password@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://USER%40docker:pa%3Fsword@proxy.example.com:80/",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/",
}, {
rawURL: "http://USER%40docker:pa%3Fsword@proxy.example.com:80/hello%20world",
maskedURL: "http://xxxxx:xxxxx@proxy.example.com:80/hello%20world",
},
}
for _, test := range tests {
maskedURL := maskCredentials(test.rawURL)
assert.Equal(t, maskedURL, test.maskedURL)
}
}