Introduce BitbucketHttpError to redact more effectively

Author: filiptronicek

components/server/src/bitbucket-server/bitbucket-server-context-parser.ts

@@ -13,6 +13,7 @@ import { AbstractContextParser, IContextParser, URLParts } from "../workspace/co
 import { URL } from "url";
 import { BitbucketServer, BitbucketServerApi } from "./bitbucket-server-api";
 import { BitbucketServerTokenHelper } from "./bitbucket-server-token-handler";
+import { handleBitbucketError } from "./utils";
 
 const DEFAULT_BRANCH = "master";
 
@@ -87,11 +88,8 @@ export class BitbucketServerContextParser extends AbstractContextParser implemen
 
             return await this.handleNavigatorContext(ctx, user, repoKind, host, owner, repoName, more);
         } catch (e) {
-            span.addTags({ contextUrl }).log({ error: e });
-            let error = e;
-            if (e.name === "HTTPError") {
-                error = e.status; // we don't want to expose the full error message since it contains credentials
-            }
+            const error = e instanceof Error ? handleBitbucketError(e) : e;
+            span.addTags({ contextUrl }).log({ error });
             log.error({ userId: user.id }, "Error parsing Bitbucket context", error);
             throw e;
         } finally {
@@ -274,11 +272,8 @@ export class BitbucketServerContextParser extends AbstractContextParser implemen
                 repository,
             };
         } catch (e) {
-            span.log({ error: e });
-            let error = e;
-            if (e.name === "HTTPError") {
-                error = e.status; // we don't want to expose the full error message since it contains credentials
-            }
+            const error = e instanceof Error ? handleBitbucketError(e) : e;
+            span.log({ error });
             log.error({ userId: user.id }, "Error parsing Bitbucket navigator request context", error);
             throw e;
         } finally {

components/server/src/bitbucket-server/utils.ts

@@ -0,0 +1,21 @@
+/**
+ * Copyright (c) 2024 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License.AGPL.txt in the project root for license information.
+ */
+
+import { HTTPError } from "bitbucket/src/error/types";
+
+export class BitbucketHttpError extends Error {
+    status: number;
+    constructor(originalErr: HTTPError, message: string) {
+        if (originalErr.request?.headers.authorization) {
+            originalErr.request.headers.authorization = "<redacted>";
+        }
+        super(message);
+    }
+}
+
+export function handleBitbucketError(err: Error): Error {
+    return err instanceof HTTPError ? new BitbucketHttpError(err, "Error parsing BB context") : err;
+}

components/server/src/bitbucket/bitbucket-context-parser.ts

@@ -20,6 +20,7 @@ import { NotFoundError } from "../errors";
 import { AbstractContextParser, IContextParser, IssueContexts } from "../workspace/context-parser";
 import { BitbucketApiFactory } from "./bitbucket-api-factory";
 import { BitbucketTokenHelper } from "./bitbucket-token-handler";
+import { handleBitbucketError } from "../bitbucket-server/utils";
 
 const DEFAULT_BRANCH = "master";
 
@@ -103,11 +104,8 @@ export class BitbucketContextParser extends AbstractContextParser implements ICo
             }
             return await this.handleNavigatorContext(ctx, user, host, owner, repoName);
         } catch (e) {
-            span.addTags({ contextUrl }).log({ error: e });
-            let error = e;
-            if (e.name === "HTTPError") {
-                error = e.status; // we don't want to expose the full error message since it contains credentials
-            }
+            const error = e instanceof Error ? handleBitbucketError(e) : e;
+            span.addTags({ contextUrl }).log({ error });
             log.error({ userId: user.id }, "Error parsing Bitbucket context", error);
             throw e;
         } finally {
@@ -214,11 +212,8 @@ export class BitbucketContextParser extends AbstractContextParser implements ICo
                 repository,
             } as NavigatorContext;
         } catch (e) {
+            const error = e instanceof Error ? handleBitbucketError(e) : e;
             span.log({ error: e });
-            let error = e;
-            if (e.name === "HTTPError") {
-                error = e.status; // we don't want to expose the full error message since it contains credentials
-            }
             log.error({ userId: user.id }, "Error parsing Bitbucket navigator request context", error);
             throw e;
         } finally {
@@ -279,11 +274,8 @@ export class BitbucketContextParser extends AbstractContextParser implements ICo
                 owner,
             };
         } catch (e) {
-            span.log({ error: e });
-            let error = e;
-            if (e.name === "HTTPError") {
-                error = e.status; // we don't want to expose the full error message since it contains credentials
-            }
+            const error = e instanceof Error ? handleBitbucketError(e) : e;
+            span.log({ error });
             log.error({ userId: user.id }, "Error parsing Bitbucket pull request context", error);
             throw e;
         } finally {
@@ -315,11 +307,8 @@ export class BitbucketContextParser extends AbstractContextParser implements ICo
                 localBranch: IssueContexts.toBranchName(user, more.title, more.nr),
             };
         } catch (e) {
-            span.log({ error: e });
-            let error = e;
-            if (e.name === "HTTPError") {
-                error = e.status; // we don't want to expose the full error message since it contains credentials
-            }
+            const error = e instanceof Error ? handleBitbucketError(e) : e;
+            span.log({ error });
             log.error({ userId: user.id }, "Error parsing Bitbucket issue context", error);
             throw e;
         } finally {

components/server/src/bitbucket/bitbucket-file-provider.ts

@@ -9,6 +9,7 @@ import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { inject, injectable } from "inversify";
 import { FileProvider, MaybeContent, RevisionNotFoundError } from "../repohost/file-provider";
 import { BitbucketApiFactory } from "./bitbucket-api-factory";
+import { handleBitbucketError } from "../bitbucket-server/utils";
 
 @injectable()
 export class BitbucketFileProvider implements FileProvider {
@@ -47,16 +48,14 @@ export class BitbucketFileProvider implements FileProvider {
 
             return lastCommit;
         } catch (err) {
-            if (err.status && err.status === 404) {
+            const error = err instanceof Error ? handleBitbucketError(err) : err;
+            if (error.status && error.status === 404) {
                 throw new RevisionNotFoundError(
                     `File ${path} does not exist in repository ${repository.owner}/${repository.name}`,
                 );
             }
 
-            if (err.name === "HTTPError") {
-                err = err.status; // we don't want to expose the full error message since it contains credentials
-            }
-            log.error({ userId: user.id }, err);
+            log.error({ userId: user.id }, error);
             throw new Error(`Could not fetch ${path} of repository ${repository.owner}/${repository.name}: ${err}`);
         }
     }
@@ -79,10 +78,8 @@ export class BitbucketFileProvider implements FileProvider {
             ).data;
             return contents as string;
         } catch (err) {
-            if (err.name === "HTTPError") {
-                err = err.status; // we don't want to expose the full error message since it contains credentials
-            }
-            log.debug({ userId: user.id }, err);
+            const error = err instanceof Error ? handleBitbucketError(err) : err;
+            log.debug({ userId: user.id }, error);
         }
     }
 }