fix: clean user information from remote url if it contains username a…

…nd token (#2457)
goreleaser · Sep 3, 2021 · 5a01a10 · 5a01a10 · vercel · Sep 3, 2021
1 parent 1e40bba
commit 5a01a10
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 3 deletions.
diff --git a/internal/pipe/git/git.go b/internal/pipe/git/git.go
@@ -2,6 +2,7 @@ package git
 
 import (
 	"fmt"
+	"net/url"
 	"os"
 	"os/exec"
 	"strconv"
@@ -82,10 +83,20 @@ func getGitInfo() (context.GitInfo, error) {
 	if err != nil {
 		return context.GitInfo{}, fmt.Errorf("couldn't get commit date: %w", err)
 	}
-	url, err := getURL()
+	gitURL, err := getURL()
 	if err != nil {
 		return context.GitInfo{}, fmt.Errorf("couldn't get remote URL: %w", err)
 	}
+
+	if strings.HasPrefix(gitURL, "https://") {
+		u, err := url.Parse(gitURL)
+		if err != nil {
+			return context.GitInfo{}, fmt.Errorf("couldn't parse remote URL: %w", err)
+		}
+		u.User = nil
+		gitURL = u.String()
+	}
+
 	tag, err := getTag()
 	if err != nil {
 		return context.GitInfo{
@@ -94,7 +105,7 @@ func getGitInfo() (context.GitInfo, error) {
 			FullCommit:  full,
 			ShortCommit: short,
 			CommitDate:  date,
-			URL:         url,
+			URL:         gitURL,
 			CurrentTag:  "v0.0.0",
 		}, ErrNoTag
 	}
@@ -105,7 +116,7 @@ func getGitInfo() (context.GitInfo, error) {
 		FullCommit:  full,
 		ShortCommit: short,
 		CommitDate:  date,
-		URL:         url,
+		URL:         gitURL,
 	}, nil
 }
 

diff --git a/internal/pipe/git/git_test.go b/internal/pipe/git/git_test.go
@@ -115,6 +115,28 @@ func TestDirty(t *testing.T) {
 	})
 }
 
+func TestRemoteURLContainsWithUsernameAndToken(t *testing.T) {
+	testlib.Mktmp(t)
+	testlib.GitInit(t)
+	testlib.GitRemoteAdd(t, "https://gitlab-ci-token:SyYhsAghYFTvMoxw7GAg@gitlab.private.com/platform/base/poc/kink.git/releases/tag/v0.1.4")
+	testlib.GitAdd(t)
+	testlib.GitCommit(t, "commit2")
+	testlib.GitTag(t, "v0.0.1")
+	ctx := context.New(config.Project{})
+	require.NoError(t, Pipe{}.Run(ctx))
+}
+
+func TestRemoteURLContainsWithUsernameAndTokenWithInvalidURL(t *testing.T) {
+	testlib.Mktmp(t)
+	testlib.GitInit(t)
+	testlib.GitRemoteAdd(t, "https://gitlab-ci-token:SyYhsAghYFTvMoxw7GAggitlab.com/platform/base/poc/kink.git/releases/tag/v0.1.4")
+	testlib.GitAdd(t)
+	testlib.GitCommit(t, "commit2")
+	testlib.GitTag(t, "v0.0.1")
+	ctx := context.New(config.Project{})
+	require.Error(t, Pipe{}.Run(ctx))
+}
+
 func TestShallowClone(t *testing.T) {
 	folder := testlib.Mktmp(t)
 	require.NoError(