Merge pull request #241 from damnhandy/master

Added code to ensure that passwords are not included git.remote.origin.url
git-commit-id · Mar 26, 2016 · c2997b8 · c2997b8
2 parents 80abddb + a3bcc35
commit c2997b8
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 3 deletions.
diff --git a/src/main/java/pl/project13/maven/git/GitDataProvider.java b/src/main/java/pl/project13/maven/git/GitDataProvider.java
@@ -17,15 +17,18 @@
 
 package pl.project13.maven.git;
 
+import org.apache.http.client.utils.URIBuilder;
 import org.jetbrains.annotations.NotNull;
 import pl.project13.maven.git.log.LoggerBridge;
 import pl.project13.maven.git.util.PropertyManager;
 
-import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.Map;
 import java.util.Properties;
 import java.util.TimeZone;
 import java.text.SimpleDateFormat;
+import java.util.regex.Pattern;
 
 import static com.google.common.base.Strings.isNullOrEmpty;
 
@@ -228,4 +231,48 @@ protected void put(@NotNull Properties properties, String key, String value) {
     log.info("{} {}", keyWithPrefix, value);
     PropertyManager.putWithoutPrefix(properties, keyWithPrefix, value);
   }
+
+  /**
+   * Regex to check for SCP-style SSH+GIT connection strings such as 'git@github.com'
+   */
+  static final Pattern GIT_SCP_FORMAT = Pattern.compile("^([a-zA-Z0-9_.+-])+@(.*)");
+  /**
+   * If the git remote value is a URI and contains a user info component, strip the password from it if it exists.
+   *
+   * @param gitRemoteString The value of the git remote
+   * @return
+   * @throws GitCommitIdExecutionException
+     */
+  protected static String stripCredentialsFromOriginUrl(String gitRemoteString) throws GitCommitIdExecutionException {
+
+    // The URL might be null if the repo hasn't set a remote
+    if (gitRemoteString == null) {
+      return gitRemoteString;
+    }
+
+    // Remotes using ssh connection strings in the 'git@github' format aren't
+    // proper URIs and won't parse . Plus since you should be using SSH keys,
+    // credentials like are not in the URL.
+    if (GIT_SCP_FORMAT.matcher(gitRemoteString).matches()) {
+      return gitRemoteString;
+    }
+    // At this point, we should have a properly formatted URL
+    try {
+      URI original = new URI(gitRemoteString);
+      String userInfoString = original.getUserInfo();
+      if (null == userInfoString) {
+        return gitRemoteString;
+      }
+      URIBuilder b = new URIBuilder(gitRemoteString);
+      String[] userInfo = userInfoString.split(":");
+      // Build a new URL from the original URL, but nulling out the password
+      // component of the userinfo. We keep the username so that ssh uris such
+      // ssh://git@github.com will retain 'git@'.
+      b.setUserInfo(userInfo[0]);
+      return b.build().toString();
+
+    } catch (URISyntaxException e) {
+      throw new GitCommitIdExecutionException(e);
+    }
+  }
 }
diff --git a/src/main/java/pl/project13/maven/git/JGitProvider.java b/src/main/java/pl/project13/maven/git/JGitProvider.java
@@ -167,7 +167,8 @@ protected String getCommitTime() throws GitCommitIdExecutionException {
 
   @Override
   protected String getRemoteOriginUrl() throws GitCommitIdExecutionException {
-    return git.getConfig().getString("remote", "origin", "url");
+    String url = git.getConfig().getString("remote", "origin", "url");
+    return stripCredentialsFromOriginUrl(url);
   }
 
   @Override

diff --git a/src/main/java/pl/project13/maven/git/NativeGitProvider.java b/src/main/java/pl/project13/maven/git/NativeGitProvider.java
@@ -249,7 +249,7 @@ private String getOriginRemote(File directory) throws GitCommitIdExecutionExcept
         remoteUrl = split[1];
       }
     }
-    return remoteUrl;
+    return stripCredentialsFromOriginUrl(remoteUrl);
   }
 
   /**

diff --git a/src/test/java/pl/project13/maven/git/UriUserInfoRemoverTest.java b/src/test/java/pl/project13/maven/git/UriUserInfoRemoverTest.java
@@ -0,0 +1,54 @@
+package pl.project13.maven.git;
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.http.client.utils.URIBuilder;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+/**
+ * Created by ryan on 3/21/16.
+ */
+public class UriUserInfoRemoverTest {
+
+    @Test
+    public void testHttpsUriWithoutUserInfo() throws Exception {
+        String result = GitDataProvider.stripCredentialsFromOriginUrl("https://example.com");
+        assertEquals("https://example.com", result);
+    }
+
+    @Test
+    public void testHttpsUriWithUserInfo() throws Exception {
+        String result = GitDataProvider.stripCredentialsFromOriginUrl("https://user@example.com");
+        assertEquals("https://user@example.com", result);
+    }
+
+    @Test
+    public void testHttpsUriWithUserInfoAndPassword() throws Exception {
+        String result = GitDataProvider.stripCredentialsFromOriginUrl("https://user:password@example.com");
+        assertEquals("https://user@example.com", result);
+    }
+
+    @Test
+    public void testWithSCPStyleSSHProtocolGitHub() throws Exception {
+        String result = GitDataProvider.stripCredentialsFromOriginUrl("git@github.com");
+        assertEquals("git@github.com",result);
+    }
+
+    @Test
+    public void testWithSCPStyleSSHProtocol() throws Exception {
+        String result = GitDataProvider.stripCredentialsFromOriginUrl("user@host.xz:~user/path/to/repo.git");
+        assertEquals("user@host.xz:~user/path/to/repo.git",result);
+    }
+
+    @Test
+    public void testWithSSHUri() throws Exception {
+        String result = GitDataProvider.stripCredentialsFromOriginUrl("ssh://git@github.com/");
+        assertEquals("ssh://git@github.com/",result);
+    }
+}