gitlab-org--gitlab-foss/lib/gitlab/url_sanitizer.rb

# frozen_string_literal: true

module Gitlab
  class UrlSanitizer
    ALLOWED_SCHEMES = %w[http https ssh git].freeze
    ALLOWED_WEB_SCHEMES = %w[http https].freeze

    def self.sanitize(content)
      regexp = URI::DEFAULT_PARSER.make_regexp(ALLOWED_SCHEMES)

      content.gsub(regexp) { |url| new(url).masked_url }
    rescue Addressable::URI::InvalidURIError
      content.gsub(regexp, '')
    end

    def self.valid?(url, allowed_schemes: ALLOWED_SCHEMES)
      return false unless url.present?
      return false unless url.is_a?(String)

      uri = Addressable::URI.parse(url.strip)

      allowed_schemes.include?(uri.scheme)
    rescue Addressable::URI::InvalidURIError
      false
    end

    def self.valid_web?(url)
      valid?(url, allowed_schemes: ALLOWED_WEB_SCHEMES)
    end

    def initialize(url, credentials: nil)
      %i[user password].each do |symbol|
        credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
      end

      @credentials = credentials
      @url = parse_url(url)
    end

    def sanitized_url
      @sanitized_url ||= safe_url.to_s
    end

    def masked_url
      url = @url.dup
      url.password = "*****" if url.password.present?
      url.user = "*****" if url.user.present?
      url.to_s
    end

    def credentials
      @credentials ||= { user: @url.user.presence, password: @url.password.presence }
    end

    def user
      credentials[:user]
    end

    def full_url
      @full_url ||= generate_full_url.to_s
    end

    private

    def parse_url(url)
      url             = url.to_s.strip
      match           = url.match(%r{\A(?:git|ssh|http(?:s?))\://(?:(.+)(?:@))?(.+)})
      raw_credentials = match[1] if match

      if raw_credentials.present?
        url.sub!("#{raw_credentials}@", '')

        user, _, password = raw_credentials.partition(':')

        @credentials ||= {}
        @credentials[:user] = user.presence if @credentials[:user].blank?
        @credentials[:password] = password.presence if @credentials[:password].blank?
      end

      url = Addressable::URI.parse(url)
      url.password = password if password.present?
      url.user = user if user.present?
      url
    end

    def generate_full_url
      return @url unless valid_credentials?

      @url.dup.tap do |generated|
        generated.password = encode_percent(credentials[:password]) if credentials[:password].present?
        generated.user = encode_percent(credentials[:user]) if credentials[:user].present?
      end
    end

    def safe_url
      safe_url = @url.dup
      safe_url.password = nil
      safe_url.user = nil
      safe_url
    end

    def valid_credentials?
      credentials && credentials.is_a?(Hash) && credentials.any?
    end

    def encode_percent(string)
      # CGI.escape converts spaces to +, but this doesn't work for git clone
      CGI.escape(string).gsub('+', '%20')
    end
  end
end
Enable frozen string for lib/gitlab/*.rb 2018-10-22 07:00:50 +00:00			`# frozen_string_literal: true`

some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`module Gitlab`
Mask credentials from URL when import of project has failed. 2016-05-19 02:16:36 +00:00			`class UrlSanitizer`
Freeze the constant array 2017-10-02 06:45:58 +00:00			`ALLOWED_SCHEMES = %w[http https ssh git].freeze`
Add latest changes from gitlab-org/gitlab@master 2020-05-27 21:08:05 +00:00			`ALLOWED_WEB_SCHEMES = %w[http https].freeze`
Just allow the scheme we want! 2017-09-29 13:45:00 +00:00
Mask credentials from URL when import of project has failed. 2016-05-19 02:16:36 +00:00			`def self.sanitize(content)`
Fix UriDefaultParser cop 2018-09-21 06:55:02 +00:00			`regexp = URI::DEFAULT_PARSER.make_regexp(ALLOWED_SCHEMES)`
Mask credentials from URL when import of project has failed. 2016-05-19 02:16:36 +00:00
			`content.gsub(regexp) { \|url\| new(url).masked_url }`
spec and fix for sanitize method 2016-07-11 07:01:09 +00:00			`rescue Addressable::URI::InvalidURIError`
			`content.gsub(regexp, '')`
Mask credentials from URL when import of project has failed. 2016-05-19 02:16:36 +00:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-05-27 21:08:05 +00:00			`def self.valid?(url, allowed_schemes: ALLOWED_SCHEMES)`
Backport EE fixes to Gitlab::UrlSanitizer to CE 2017-09-06 11:29:14 +00:00			`return false unless url.present?`
Only allow strings in URL::Sanitizer.valid? Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55079 2018-12-09 07:23:39 +00:00			`return false unless url.is_a?(String)`
Fix for creating a project through API when import_url is nil The API was returning 500 when `nil` is passed for the `import_url`. In fact, it was `Gitlab::UrlSanitizer.valid?` which was throwing a `NoMethodError` when `nil` value was passed. 2017-03-09 15:39:09 +00:00
Just allow the scheme we want! 2017-09-29 13:45:00 +00:00			`uri = Addressable::URI.parse(url.strip)`
use class method 2016-06-30 12:30:07 +00:00
Add latest changes from gitlab-org/gitlab@master 2020-05-27 21:08:05 +00:00			`allowed_schemes.include?(uri.scheme)`
use class method 2016-06-30 12:30:07 +00:00			`rescue Addressable::URI::InvalidURIError`
			`false`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-05-27 21:08:05 +00:00			`def self.valid_web?(url)`
			`valid?(url, allowed_schemes: ALLOWED_WEB_SCHEMES)`
			`end`

more refactoring 2016-03-21 14:11:05 +00:00			`def initialize(url, credentials: nil)`
Remove blank passwords from sanitized URLs 2017-09-06 14:20:25 +00:00			`%i[user password].each do \|symbol\|`
			`credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)`
			`end`

more refactoring 2016-03-21 14:11:05 +00:00			`@credentials = credentials`
Backport more EE changes to Gitlab::UrlSanitizer 2017-09-08 14:48:10 +00:00			`@url = parse_url(url)`
some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`end`

			`def sanitized_url`
			`@sanitized_url \|\|= safe_url.to_s`
			`end`

Mask credentials from URL when import of project has failed. 2016-05-19 02:16:36 +00:00			`def masked_url`
			`url = @url.dup`
Backport EE fixes to Gitlab::UrlSanitizer to CE 2017-09-06 11:29:14 +00:00			`url.password = "*****" if url.password.present?`
			`url.user = "*****" if url.user.present?`
Mask credentials from URL when import of project has failed. 2016-05-19 02:16:36 +00:00			`url.to_s`
			`end`

some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`def credentials`
Backport EE fixes to Gitlab::UrlSanitizer to CE 2017-09-06 11:29:14 +00:00			`@credentials \|\|= { user: @url.user.presence, password: @url.password.presence }`
some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`end`

Hide password on import by url form 2019-04-11 15:26:16 +00:00			`def user`
			`credentials[:user]`
			`end`

more refactoring 2016-03-21 14:11:05 +00:00			`def full_url`
			`@full_url \|\|= generate_full_url.to_s`
			`end`

some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`private`

Backport more EE changes to Gitlab::UrlSanitizer 2017-09-08 14:48:10 +00:00			`def parse_url(url)`
			`url = url.to_s.strip`
			`match = url.match(%r{\A(?:git\|ssh\|http(?:s?))\://(?:(.+)(?:@))?(.+)})`
			`raw_credentials = match[1] if match`

			`if raw_credentials.present?`
			`url.sub!("#{raw_credentials}@", '')`

Properly handle colons in URL passwords Before b46d5b13ecb8e0c0793fa433bff7f49cb0612760, we relied on `Addressable::URI` to parse the username/password in a URL, but this failed when credentials contained special characters. However, this introduced a regression where the parsing would incorrectly truncate the password if the password had a colon. Closes #49080 2018-07-10 20:00:21 +00:00			`user, _, password = raw_credentials.partition(':')`
Add latest changes from gitlab-org/gitlab@master 2022-03-25 03:08:30 +00:00
			`@credentials \|\|= {}`
			`@credentials[:user] = user.presence if @credentials[:user].blank?`
			`@credentials[:password] = password.presence if @credentials[:password].blank?`
Backport more EE changes to Gitlab::UrlSanitizer 2017-09-08 14:48:10 +00:00			`end`

			`url = Addressable::URI.parse(url)`
			`url.password = password if password.present?`
			`url.user = user if user.present?`
			`url`
			`end`

more refactoring 2016-03-21 14:11:05 +00:00			`def generate_full_url`
fixed failing specs 2016-03-29 13:23:32 +00:00			`return @url unless valid_credentials?`
Adds Rubocop rule for line break after guard clause Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses. 2017-11-14 09:02:39 +00:00
Escape username and password in UrlSanitizer#full_url If a user uses a password with certain characters (e.g. /, #, +, etc.) UrlSanitizer#full_url will generate an invalid URL that cannot be parsed properly by Addressable::URI. If used with UrlBlocker, this will be flagged as an invalid URI. 2018-07-18 05:50:08 +00:00			`@url.dup.tap do \|generated\|`
			`generated.password = encode_percent(credentials[:password]) if credentials[:password].present?`
			`generated.user = encode_percent(credentials[:user]) if credentials[:user].present?`
			`end`
more refactoring 2016-03-21 14:11:05 +00:00			`end`

some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`def safe_url`
			`safe_url = @url.dup`
			`safe_url.password = nil`
			`safe_url.user = nil`
			`safe_url`
			`end`
fixed failing specs 2016-03-29 13:23:32 +00:00
			`def valid_credentials?`
			`credentials && credentials.is_a?(Hash) && credentials.any?`
			`end`
Escape username and password in UrlSanitizer#full_url If a user uses a password with certain characters (e.g. /, #, +, etc.) UrlSanitizer#full_url will generate an invalid URL that cannot be parsed properly by Addressable::URI. If used with UrlBlocker, this will be flagged as an invalid URI. 2018-07-18 05:50:08 +00:00
			`def encode_percent(string)`
			`# CGI.escape converts spaces to +, but this doesn't work for git clone`
			`CGI.escape(string).gsub('+', '%20')`
			`end`
some refactoring based on feedback 2016-03-21 12:15:51 +00:00			`end`
fixed some rubocop warnings 2016-03-21 16:29:19 +00:00			`end`