// Copyright 2023 Harness, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package api
import (
"bytes"
"fmt"
"strconv"
"time"
"unicode"
"github.com/yuin/goldmark/util"
)
const (
// GitTimeLayout is the (default) time layout used by git.
GitTimeLayout = "Mon Jan _2 15:04:05 2006 -0700"
userPlaceholder = "sanitized-credential"
)
var schemeSep = []byte("://")
func NewSignatureFromCommitLine(line []byte) (Signature, error) {
emailStart := bytes.LastIndexByte(line, '<')
emailEnd := bytes.LastIndexByte(line, '>')
if emailStart == -1 || emailEnd == -1 || emailEnd < emailStart {
return Signature{}, ErrInvalidSignature
}
sig := Signature{
Identity: Identity{
Name: string(line[:emailStart-1]),
Email: string(line[emailStart+1 : emailEnd]),
},
}
dateStart := emailEnd + 2
hasTime := dateStart < len(line)
if !hasTime {
return sig, nil
}
// Check date format.
firstChar := line[dateStart]
//nolint:nestif
if firstChar >= 48 && firstChar <= 57 {
idx := bytes.IndexByte(line[dateStart:], ' ')
if idx < 0 {
return sig, nil
}
timestring := string(line[dateStart : dateStart+idx])
seconds, _ := strconv.ParseInt(timestring, 10, 64)
sig.When = time.Unix(seconds, 0)
idx += emailEnd + 3
if idx >= len(line) || idx+5 > len(line) {
return sig, nil
}
timezone := string(line[idx : idx+5])
tzhours, err := strconv.ParseInt(timezone[0:3], 10, 64)
if err != nil {
return Signature{}, fmt.Errorf("failed to parse tzhours: %w", err)
}
tzmins, err := strconv.ParseInt(timezone[3:], 10, 64)
if err != nil {
return Signature{}, fmt.Errorf("failed to parse tzmins: %w", err)
}
if tzhours < 0 {
tzmins *= -1
}
tz := time.FixedZone("", int(tzhours*60*60+tzmins*60))
sig.When = sig.When.In(tz)
} else {
t, err := time.Parse(GitTimeLayout, string(line[dateStart:]))
if err != nil {
return Signature{}, fmt.Errorf("failed to parse git time: %w", err)
}
sig.When = t
}
return sig, nil
}
// SanitizeCredentialURLs remove all credentials in URLs (starting with "scheme://")
// for the input string: "https://user:pass@domain.com" => "https://sanitized-credential@domain.com"
func SanitizeCredentialURLs(s string) string {
bs := util.StringToReadOnlyBytes(s)
schemeSepPos := bytes.Index(bs, schemeSep)
if schemeSepPos == -1 || bytes.IndexByte(bs[schemeSepPos:], '@') == -1 {
return s // fast return if there is no URL scheme or no userinfo
}
out := make([]byte, 0, len(bs)+len(userPlaceholder))
for schemeSepPos != -1 {
schemeSepPos += 3 // skip the "://"
sepAtPos := -1 // the possible '@' position: "https://foo@[^here]host"
sepEndPos := schemeSepPos // the possible end position: "The https://host[^here] in log for test"
sepLoop:
for ; sepEndPos < len(bs); sepEndPos++ {
c := bs[sepEndPos]
if ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') || ('0' <= c && c <= '9') {
continue
}
switch c {
case '@':
sepAtPos = sepEndPos
case '-', '.', '_', '~', '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=', ':', '%':
continue // due to RFC 3986, userinfo can contain - . _ ~ ! $ & ' ( ) * + , ; = : and any percent-encoded chars
default:
break sepLoop // if it is an invalid char for URL (eg: space, '/', and others), stop the loop
}
}
// if there is '@', and the string is like "s://u@h", then hide the "u" part
if sepAtPos != -1 && (schemeSepPos >= 4 && unicode.IsLetter(rune(bs[schemeSepPos-4]))) &&
sepAtPos-schemeSepPos > 0 && sepEndPos-sepAtPos > 0 {
out = append(out, bs[:schemeSepPos]...)
out = append(out, userPlaceholder...)
out = append(out, bs[sepAtPos:sepEndPos]...)
} else {
out = append(out, bs[:sepEndPos]...)
}
bs = bs[sepEndPos:]
schemeSepPos = bytes.Index(bs, schemeSep)
}
out = append(out, bs...)
return util.BytesToReadOnlyString(out)
}