Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add custom error for basic auth with HTTP #1176

Merged
merged 5 commits into from
Jan 5, 2023
Merged

Add custom error for basic auth with HTTP #1176

merged 5 commits into from
Jan 5, 2023

Conversation

HeavyWombat
Copy link
Contributor

@HeavyWombat HeavyWombat commented Dec 22, 2022
edited
Loading

Changes

Fixes #1131
Fixes #1133

Ref: #1116

Check that basic auth is not used in combination with a HTTP endpoint.

Redact log output in case basic auth is used with inline user fields, i.e. https://user:pass@url.com.

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Set a kind label on this PR
  • Release notes block has been filled in, or marked NONE

See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

The Git source step of a build strategy now returns a more elaborate error in case basic authentication (username and password) are used in combination with a HTTP URI. Instead of a generic error, an error message with an explanation is presented to be more clear and helpful. Also, inline credentials used in the URL will be redacted in the log output.

@HeavyWombat HeavyWombat added the kind/bug Categorizes issue or PR as related to a bug. label Dec 22, 2022
@openshift-ci openshift-ci bot added the release-note Label for when a PR has specified a release note label Dec 22, 2022
@HeavyWombat HeavyWombat force-pushed the issue/1131 branch 3 times, most recently from 25bd9c4 to 74fa43f Compare December 22, 2022 22:58
SaschaSchwarze0
SaschaSchwarze0 requested changes Dec 23, 2022
View reviewed changes
cmd/git/main.go Outdated
Comment on lines 496 to 499
case hasUsername && hasPassword && !isHTTPSURL:
return typeUndef, &ExitError{
Code: 110,
Message: shpgit.AuthUnexpectedHTTP.ToMessage(),
Reason: shpgit.AuthUnexpectedHTTP,
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're here checking if the URL is not HTTPS and then return an error stating that HTTP is unexpected. What happens if the protocol is neither http nor https but maybe htps ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, good point. I tried to be too minimalistic here I guess.

@HeavyWombat HeavyWombat mentioned this pull request Jan 1, 2023
Closed
@HeavyWombat
Refactor username/password test cases
c61a690 
Change test cases for username and password to use same function style.
@HeavyWombat
Fix linter warnings
ed5f8d9 
Fix linter warning by renaing variable or inlining them.
@HeavyWombat
Add custom error for basic auth with HTTP
46ae1d4 
Fixes: #1131

Ref: #1116

Check that basic auth is not used in combination with a HTTP endpoint.
@HeavyWombat
Redact incline credentials in log
bfce81e 
Introduce display URL that is a safe version of the provided URL to be
used for logging.

Refactor test case code in order to allow for more flexibility.
@HeavyWombat
Do not dump SSH key to output
11ff2da 
Do not write the SSH key in the test output.
HeavyWombat
HeavyWombat commented Jan 4, 2023
View reviewed changes
cmd/git/main.go
@@ -127,13 +129,18 @@ func Execute(ctx context.Context) error {
return err
}

checkGitVersionSpecificSettings(ctx)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inlined the two checks from checkGitVersionSpecificSettings in the main Execute function to make it simpler and more readable.

HeavyWombat
HeavyWombat commented Jan 4, 2023
View reviewed changes
cmd/git/main.go

return nil
// Create clean version of the URL that should be safe to be displayed in logs
displayURL = cleanURL()
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line line is really new.

HeavyWombat
HeavyWombat commented Jan 4, 2023
View reviewed changes
cmd/git/main_test.go
func withLogOutput(out io.Writer) runOpts { return func(o *opts) { o.logOutput = out } }
func withArgs(args ...string) runOpts { return func(o *opts) { o.args = args } }

func run(o ...runOpts) error {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved the run function from within the Describe into the global context and changed it that it is more flexible.

SaschaSchwarze0
SaschaSchwarze0 approved these changes Jan 5, 2023
View reviewed changes
Copy link
Member

@SaschaSchwarze0 SaschaSchwarze0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 5, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 5, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SaschaSchwarze0

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 5, 2023
@openshift-merge-robot openshift-merge-robot merged commit a473610 into main Jan 5, 2023
@SaschaSchwarze0 SaschaSchwarze0 added this to the release-v0.12.0 milestone Jan 9, 2023
@SaschaSchwarze0 SaschaSchwarze0 deleted the issue/1131 branch February 15, 2023 19:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SaschaSchwarze0 SaschaSchwarze0 SaschaSchwarze0 approved these changes

@adambkaplan adambkaplan Awaiting requested review from adambkaplan

@qu1queee qu1queee Awaiting requested review from qu1queee

@dalbar dalbar Awaiting requested review from dalbar

Assignees

@SaschaSchwarze0 SaschaSchwarze0

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Label for when a PR has specified a release note
Projects
None yet
Milestone
release-v0.12.0
Development

Successfully merging this pull request may close these issues.

Git source: doublecheck logging of the source URL Git source: prevent usage of a secret with HTTP protocol
3 participants
@HeavyWombat @SaschaSchwarze0 @openshift-merge-robot