strip repository user-info from repository list view

Vladimir Kotal · Vladimir Kotal · commit 54aac5b5a73b · 2018-11-02T12:30:09.000+01:00
fixes #2004
diff --git a/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Util.java b/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Util.java
@@ -1675,8 +1675,31 @@ public static boolean isHttpUri(String string) {
         return url.getProtocol().equals("http") || url.getProtocol().equals("https");
     }
 
+    protected final static String REDACTED_USER_INFO = "redacted_by_OpenGrok";
+
+    /**
+     * If given path is a URL, return the string representation with the user-info part filtered out.
+     * @param path path to object
+     * @return either the original string or string representation of URL with the user-info part removed
+     */
+    public static String redactUrl(String path) {
+        URL url;
+        try {
+            url = new URL(path);
+        } catch (MalformedURLException e) {
+            // not an URL
+            return path;
+        }
+        if (url.getUserInfo() != null) {
+            return url.toString().replace(url.getUserInfo(),
+                    REDACTED_USER_INFO);
+        } else {
+            return url.toString();
+        }
+    }
+
     /**
-     * Build a html link to the given http url. If the URL is not an http URL
+     * Build a HTML link to the given HTTP URL. If the URL is not an http URL
      * then it is returned as it was received. This has the same effect as
      * invoking <code>linkify(url, true)</code>.
      *
diff --git a/opengrok-indexer/src/test/java/org/opengrok/indexer/web/UtilTest.java b/opengrok-indexer/src/test/java/org/opengrok/indexer/web/UtilTest.java
@@ -350,6 +350,16 @@ public void testIsUrl() {
         assertFalse(Util.isHttpUri("smtp://example.com/OpenGrok/OpenGrok"));
     }
 
+    @Test
+    public void testRedactUrl() {
+        assertEquals("/foo/bar", Util.redactUrl("/foo/bar"));
+        assertEquals("http://foo/bar?r=xxx", Util.redactUrl("http://foo/bar?r=xxx"));
+        assertEquals("http://" + Util.REDACTED_USER_INFO + "@foo/bar?r=xxx",
+                Util.redactUrl("http://user@foo/bar?r=xxx"));
+        assertEquals("http://" + Util.REDACTED_USER_INFO + "@foo/bar?r=xxx",
+                Util.redactUrl("http://user:pass@foo/bar?r=xxx"));
+    }
+
     @Test
     public void testLinkify() throws URISyntaxException, MalformedURLException {
         assertTrue(Util.linkify("http://www.example.com")
diff --git a/opengrok-web/src/main/webapp/repos.jspf b/opengrok-web/src/main/webapp/repos.jspf
@@ -171,7 +171,7 @@ Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
                         <span class="important-note important-note-rounded" data-messages='<%= messages %>'>!</span>
                     <% } %>
                                 </td><%
-                            String parent = ri.getParent();
+                            String parent = Util.redactUrl(ri.getParent());
                             if (parent == null) {
                                 parent = "N/A";
                             }
@@ -301,7 +301,7 @@ Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
                         <span class="important-note important-note-rounded" data-messages='<%= messages %>'>!</span>
                     <% } %>
                     </td><%
-                                String parent = ri.getParent();
+                                String parent = Util.redactUrl(ri.getParent());
                                 if (parent == null) {
                                     parent = "N/A";
                                 }
