2016-03-21 08:15:51 -04:00
|
|
|
module Gitlab
|
2016-05-18 22:16:36 -04:00
|
|
|
class UrlSanitizer
|
|
|
|
def self.sanitize(content)
|
2017-02-22 12:46:57 -05:00
|
|
|
regexp = URI::Parser.new.make_regexp(%w(http https ssh git))
|
2016-05-18 22:16:36 -04:00
|
|
|
|
|
|
|
content.gsub(regexp) { |url| new(url).masked_url }
|
2016-07-11 03:01:09 -04:00
|
|
|
rescue Addressable::URI::InvalidURIError
|
|
|
|
content.gsub(regexp, '')
|
2016-05-18 22:16:36 -04:00
|
|
|
end
|
|
|
|
|
2016-06-30 08:30:07 -04:00
|
|
|
def self.valid?(url)
|
2017-09-06 07:29:14 -04:00
|
|
|
return false unless url.present?
|
2017-03-09 10:39:09 -05:00
|
|
|
|
2016-06-30 08:30:07 -04:00
|
|
|
Addressable::URI.parse(url.strip)
|
|
|
|
|
|
|
|
true
|
|
|
|
rescue Addressable::URI::InvalidURIError
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
2016-03-21 10:11:05 -04:00
|
|
|
def initialize(url, credentials: nil)
|
2017-09-06 10:20:25 -04:00
|
|
|
%i[user password].each do |symbol|
|
|
|
|
credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
|
|
|
|
end
|
|
|
|
|
2016-03-21 10:11:05 -04:00
|
|
|
@credentials = credentials
|
2017-09-08 10:48:10 -04:00
|
|
|
@url = parse_url(url)
|
2016-03-21 08:15:51 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def sanitized_url
|
|
|
|
@sanitized_url ||= safe_url.to_s
|
|
|
|
end
|
|
|
|
|
2016-05-18 22:16:36 -04:00
|
|
|
def masked_url
|
|
|
|
url = @url.dup
|
2017-09-06 07:29:14 -04:00
|
|
|
url.password = "*****" if url.password.present?
|
|
|
|
url.user = "*****" if url.user.present?
|
2016-05-18 22:16:36 -04:00
|
|
|
url.to_s
|
|
|
|
end
|
|
|
|
|
2016-03-21 08:15:51 -04:00
|
|
|
def credentials
|
2017-09-06 07:29:14 -04:00
|
|
|
@credentials ||= { user: @url.user.presence, password: @url.password.presence }
|
2016-03-21 08:15:51 -04:00
|
|
|
end
|
|
|
|
|
2016-03-21 10:11:05 -04:00
|
|
|
def full_url
|
|
|
|
@full_url ||= generate_full_url.to_s
|
|
|
|
end
|
|
|
|
|
2016-03-21 08:15:51 -04:00
|
|
|
private
|
|
|
|
|
2017-09-08 10:48:10 -04:00
|
|
|
def parse_url(url)
|
|
|
|
url = url.to_s.strip
|
|
|
|
match = url.match(%r{\A(?:git|ssh|http(?:s?))\://(?:(.+)(?:@))?(.+)})
|
|
|
|
raw_credentials = match[1] if match
|
|
|
|
|
|
|
|
if raw_credentials.present?
|
|
|
|
url.sub!("#{raw_credentials}@", '')
|
|
|
|
|
|
|
|
user, password = raw_credentials.split(':')
|
|
|
|
@credentials ||= { user: user.presence, password: password.presence }
|
|
|
|
end
|
|
|
|
|
|
|
|
url = Addressable::URI.parse(url)
|
|
|
|
url.password = password if password.present?
|
|
|
|
url.user = user if user.present?
|
|
|
|
url
|
|
|
|
end
|
|
|
|
|
2016-03-21 10:11:05 -04:00
|
|
|
def generate_full_url
|
2016-03-29 09:23:32 -04:00
|
|
|
return @url unless valid_credentials?
|
2016-03-21 10:11:05 -04:00
|
|
|
@full_url = @url.dup
|
2017-09-06 10:20:25 -04:00
|
|
|
|
2017-09-08 10:48:10 -04:00
|
|
|
@full_url.password = credentials[:password] if credentials[:password].present?
|
|
|
|
@full_url.user = credentials[:user] if credentials[:user].present?
|
2017-09-06 10:20:25 -04:00
|
|
|
|
2016-03-21 10:11:05 -04:00
|
|
|
@full_url
|
|
|
|
end
|
|
|
|
|
2016-03-21 08:15:51 -04:00
|
|
|
def safe_url
|
|
|
|
safe_url = @url.dup
|
|
|
|
safe_url.password = nil
|
|
|
|
safe_url.user = nil
|
|
|
|
safe_url
|
|
|
|
end
|
2016-03-29 09:23:32 -04:00
|
|
|
|
|
|
|
def valid_credentials?
|
|
|
|
credentials && credentials.is_a?(Hash) && credentials.any?
|
|
|
|
end
|
2016-03-21 08:15:51 -04:00
|
|
|
end
|
2016-03-21 12:29:19 -04:00
|
|
|
end
|