Hide sensitive content on admin panel progress monitor

Author: lunny

modules/git/command.go

@@ -17,6 +17,7 @@ import (
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
+	"code.gitea.io/gitea/modules/util"
 )
 
 var (
@@ -34,6 +35,7 @@ const DefaultLocale = "C"
 type Command struct {
 	name          string
 	args          []string
+	urlArgInts    []int
 	parentContext context.Context
 	desc          string
 }
@@ -90,6 +92,13 @@ func (c *Command) AddArguments(args ...string) *Command {
 	return c
 }
 
+// AddURLArgument adds an argument which is a url which means password should be shadow when display in UI
+func (c *Command) AddURLArgument(arg string) *Command {
+	c.urlArgInts = append(c.urlArgInts, len(c.args))
+	c.args = append(c.args, arg)
+	return c
+}
+
 // RunInDirTimeoutEnvPipeline executes the command in given directory with given timeout,
 // it pipes stdout and stderr to given io.Writer.
 func (c *Command) RunInDirTimeoutEnvPipeline(env []string, timeout time.Duration, dir string, stdout, stderr io.Writer) error {
@@ -140,7 +149,12 @@ func (c *Command) RunWithContext(rc *RunContext) error {
 
 	desc := c.desc
 	if desc == "" {
-		desc = fmt.Sprintf("%s %s [repo_path: %s]", c.name, strings.Join(c.args, " "), rc.Dir)
+		args := make([]string, len(c.args))
+		copy(args, c.args)
+		for _, i := range c.urlArgInts {
+			args[i] = util.NewStringURLSanitizer(args[i], true).Replace(args[i])
+		}
+		desc = fmt.Sprintf("%s %s [repo_path: %s]", c.name, strings.Join(args, " "), rc.Dir)
 	}
 
 	ctx, cancel, finished := process.GetManager().AddContextTimeout(c.parentContext, rc.Timeout, desc)

modules/git/repo.go

@@ -152,7 +152,9 @@ func CloneWithArgs(ctx context.Context, from, to string, args []string, opts Clo
 	if len(opts.Branch) > 0 {
 		cmd.AddArguments("-b", opts.Branch)
 	}
-	cmd.AddArguments("--", from, to)
+	cmd.AddArguments("--")
+	cmd.AddURLArgument(from)
+	cmd.AddArguments(to)
 
 	if opts.Timeout <= 0 {
 		opts.Timeout = -1
@@ -197,7 +199,8 @@ func Push(ctx context.Context, repoPath string, opts PushOptions) error {
 	if opts.Mirror {
 		cmd.AddArguments("--mirror")
 	}
-	cmd.AddArguments("--", opts.Remote)
+	cmd.AddArguments("--")
+	cmd.AddURLArgument(opts.Remote)
 	if len(opts.Branch) > 0 {
 		cmd.AddArguments(opts.Branch)
 	}

services/mirror/mirror_pull.go

@@ -38,7 +38,9 @@ func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error
 		return err
 	}
 
-	_, err = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", addr).RunInDir(repoPath)
+	cmd := git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch")
+	cmd.AddURLArgument(addr)
+	_, err = cmd.RunInDir(repoPath)
 	if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") {
 		return err
 	}
@@ -52,7 +54,9 @@ func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error
 			return err
 		}
 
-		_, err = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch", wikiRemotePath).RunInDir(wikiPath)
+		cmd = git.NewCommand(ctx, "remote", "add", remoteName, "--mirror=fetch")
+		cmd.AddURLArgument(wikiRemotePath)
+		_, err = cmd.RunInDir(wikiPath)
 		if err != nil && !strings.HasPrefix(err.Error(), "exit status 128 - fatal: No such remote ") {
 			return err
 		}

services/mirror/mirror_push.go

@@ -28,7 +28,9 @@ var stripExitStatus = regexp.MustCompile(`exit status \d+ - `)
 // AddPushMirrorRemote registers the push mirror remote.
 func AddPushMirrorRemote(ctx context.Context, m *repo_model.PushMirror, addr string) error {
 	addRemoteAndConfig := func(addr, path string) error {
-		if _, err := git.NewCommand(ctx, "remote", "add", "--mirror=push", m.RemoteName, addr).RunInDir(path); err != nil {
+		cmd := git.NewCommand(ctx, "remote", "add", "--mirror=push", m.RemoteName)
+		cmd.AddURLArgument(addr)
+		if _, err := cmd.RunInDir(path); err != nil {
 			return err
 		}
 		if _, err := git.NewCommand(ctx, "config", "--add", "remote."+m.RemoteName+".push", "+refs/heads/*:refs/heads/*").RunInDir(path); err != nil {