author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-06-28 09:31:40 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-06-28 10:19:24 +0300 |
commit | 811ecd227de57e6833bf398acd8412a8d45b9282 (patch) | |
tree | 2e7cf8d1d69cc1621deb8e78ed1e2c8b461794b5 | |
parent | ff61cc6001b505da4289b38ade0cf6be55b0ab33 (diff) |
repository: Fix test to verify that credentials are stripped
When cloning a repository via `cloneFromURLCommand()`, we strip
credentials from the URL in order to not leak them. The test we have
that verifies that the credentials are not part of the resulting
command's arguments is wrong though: it checks that the array of args
doesn't have the complete user information, but it only checks for an
exact match. What we want to check instead is that none of the args
carries the credentials.
Fix the check by looping through all arguments and verifying that none
of them contain the credentials. Also, rename the username from the
rather generic `"user"` to something that is less likely to clash with
any host information like e.g. paths.
-rw-r--r-- | internal/gitaly/service/repository/create_repository_from_url_test.go | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/internal/gitaly/service/repository/create_repository_from_url_test.go b/internal/gitaly/service/repository/create_repository_from_url_test.go
index 800c95ff4..0b6f52cea 100644
--- a/internal/gitaly/service/repository/create_repository_from_url_test.go
+++ b/internal/gitaly/service/repository/create_repository_from_url_test.go
@@ -191,7 +191,7 @@ func TestServer_CloneFromURLCommand(t *testing.T) {
 cfg := testcfg.Build(t)
 s := server{cfg: cfg, gitCmdFactory: gittest.NewCommandFactory(t, cfg)}
- userInfo := "user:pass%21%3F%40"
+ user, password := "example_user", "pass%21%3F%40"
 for _, tc := range []struct {
 desc string
@@ -201,11 +201,11 @@ func TestServer_CloneFromURLCommand(t *testing.T) {
 }{
 {
 desc: "user credentials",
- url: fmt.Sprintf("https://%s@192.0.2.1/secretrepo.git", userInfo),
+ url: fmt.Sprintf("https://%s:%s@192.0.2.1/secretrepo.git", user, password),
 token: "",
 expectedAuthHeader: fmt.Sprintf(
 "http.extraHeader=Authorization: Basic %s",
- base64.StdEncoding.EncodeToString([]byte("user:pass!?@")),
+ base64.StdEncoding.EncodeToString([]byte("example_user:pass!?@")),
 ),
 },
 {
@@ -234,7 +234,10 @@ func TestServer_CloneFromURLCommand(t *testing.T) {
 require.Contains(t, args, "https://192.0.2.1/secretrepo.git")
 require.Contains(t, args, tc.expectedAuthHeader)
 require.Contains(t, args, "http.extraHeader=Host: www.example.com")
- require.NotContains(t, args, userInfo)
+ for _, arg := range args {
+ require.NotContains(t, arg, user)
+ require.NotContains(t, arg, password)
+ }
 })
 }
 } |
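Review bot: In the "user credentials" case the expected header still spells the username out as a literal, `[]byte("example_user:pass!?@")`, while the URL is now built from the `user` variable, so a later rename of `user` would quietly desynchronise the input and the expectation. Deriving it from the variable, e.g. `[]byte(user + ":pass!?@")`, keeps the two in step. The table literal and the enclosing test function both extend beyond this hunk.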
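Review bot: The new loop rejects only the percent-encoded password `pass%21%3F%40`; the decoded form `pass!?@`, which the expected Basic header shows the code under test must derive, is never checked, so an argument carrying the decoded credentials would still pass. Adding `require.NotContains(t, arg, "pass!?@")` inside the loop would close that gap. A short comment should also say that the `Authorization: Basic` value asserted two lines earlier is only base64-encoded, so if `args` really is the spawned command's argument list (as the commit message indicates) the credentials remain recoverable from it, and this test guarantees only that the plaintext forms are absent. The loop sits inside a `t.Run` closure that starts outside the hunk.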