gitlab-org--gitlab-foss/lib/gitlab/url_sanitizer.rb

module Gitlab
  class UrlSanitizer
    def self.sanitize(content)
      regexp = URI::Parser.new.make_regexp(%w(http https ssh git))

      content.gsub(regexp) { |url| new(url).masked_url }
    rescue Addressable::URI::InvalidURIError
      content.gsub(regexp, '')
    end

    def self.valid?(url)
      return false unless url

      Addressable::URI.parse(url.strip)

      true
    rescue Addressable::URI::InvalidURIError
      false
    end

    def initialize(url, credentials: nil)
      @url = Addressable::URI.parse(url.strip)
      @credentials = credentials
    end

    def sanitized_url
      @sanitized_url ||= safe_url.to_s
    end

    def masked_url
      url = @url.dup
      url.password = "*****" unless url.password.nil?
      url.user = "*****" unless url.user.nil?
      url.to_s
    end

    def credentials
      @credentials ||= { user: @url.user, password: @url.password }
    end

    def full_url
      @full_url ||= generate_full_url.to_s
    end

    private

    def generate_full_url
      return @url unless valid_credentials?
      @full_url = @url.dup
      @full_url.user = credentials[:user]
      @full_url.password = credentials[:password]
      @full_url
    end

    def safe_url
      safe_url = @url.dup
      safe_url.password = nil
      safe_url.user = nil
      safe_url
    end

    def valid_credentials?
      credentials && credentials.is_a?(Hash) && credentials.any?
    end
  end
end
some refactoring based on feedback 2016-03-21 08:15:51 -04:00			`module Gitlab`
Mask credentials from URL when import of project has failed. 2016-05-18 22:16:36 -04:00			`class UrlSanitizer`
			`def self.sanitize(content)`
Enable Style/WordArray 2017-02-22 12:46:57 -05:00			`regexp = URI::Parser.new.make_regexp(%w(http https ssh git))`
Mask credentials from URL when import of project has failed. 2016-05-18 22:16:36 -04:00
			`content.gsub(regexp) { \|url\| new(url).masked_url }`
spec and fix for sanitize method 2016-07-11 03:01:09 -04:00			`rescue Addressable::URI::InvalidURIError`
			`content.gsub(regexp, '')`
Mask credentials from URL when import of project has failed. 2016-05-18 22:16:36 -04:00			`end`

use class method 2016-06-30 08:30:07 -04:00			`def self.valid?(url)`
Fix for creating a project through API when import_url is nil The API was returning 500 when `nil` is passed for the `import_url`. In fact, it was `Gitlab::UrlSanitizer.valid?` which was throwing a `NoMethodError` when `nil` value was passed. 2017-03-09 10:39:09 -05:00			`return false unless url`

use class method 2016-06-30 08:30:07 -04:00			`Addressable::URI.parse(url.strip)`

			`true`
			`rescue Addressable::URI::InvalidURIError`
			`false`
			`end`

more refactoring 2016-03-21 10:11:05 -04:00			`def initialize(url, credentials: nil)`
few changes based on feedback 2016-06-30 07:17:37 -04:00			`@url = Addressable::URI.parse(url.strip)`
more refactoring 2016-03-21 10:11:05 -04:00			`@credentials = credentials`
some refactoring based on feedback 2016-03-21 08:15:51 -04:00			`end`

			`def sanitized_url`
			`@sanitized_url \|\|= safe_url.to_s`
			`end`

Mask credentials from URL when import of project has failed. 2016-05-18 22:16:36 -04:00			`def masked_url`
			`url = @url.dup`
			`url.password = "*****" unless url.password.nil?`
			`url.user = "*****" unless url.user.nil?`
			`url.to_s`
			`end`

some refactoring based on feedback 2016-03-21 08:15:51 -04:00			`def credentials`
			`@credentials \|\|= { user: @url.user, password: @url.password }`
			`end`

more refactoring 2016-03-21 10:11:05 -04:00			`def full_url`
			`@full_url \|\|= generate_full_url.to_s`
			`end`

some refactoring based on feedback 2016-03-21 08:15:51 -04:00			`private`

more refactoring 2016-03-21 10:11:05 -04:00			`def generate_full_url`
fixed failing specs 2016-03-29 09:23:32 -04:00			`return @url unless valid_credentials?`
more refactoring 2016-03-21 10:11:05 -04:00			`@full_url = @url.dup`
refactored code based on feedback 2016-03-21 13:09:47 -04:00			`@full_url.user = credentials[:user]`
			`@full_url.password = credentials[:password]`
more refactoring 2016-03-21 10:11:05 -04:00			`@full_url`
			`end`

some refactoring based on feedback 2016-03-21 08:15:51 -04:00			`def safe_url`
			`safe_url = @url.dup`
			`safe_url.password = nil`
			`safe_url.user = nil`
			`safe_url`
			`end`
fixed failing specs 2016-03-29 09:23:32 -04:00
			`def valid_credentials?`
			`credentials && credentials.is_a?(Hash) && credentials.any?`
			`end`
some refactoring based on feedback 2016-03-21 08:15:51 -04:00			`end`
fixed some rubocop warnings 2016-03-21 12:29:19 -04:00			`end`