diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2020-10-05 12:58:46 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2020-10-05 12:58:46 +0300 |
| commit | 6cedfe27ac566e7de7d0c24778c4280e8311bbec (patch) | |
| tree | 3d217fe42e9e7095954c3279eda778cc26fd4552 | |
| parent | 8a794021c42baf8e1c12ae5e8e8313b66443002e (diff) | |
| download | apk-tools-6cedfe27ac566e7de7d0c24778c4280e8311bbec.tar.gz apk-tools-6cedfe27ac566e7de7d0c24778c4280e8311bbec.tar.bz2 apk-tools-6cedfe27ac566e7de7d0c24778c4280e8311bbec.tar.xz apk-tools-6cedfe27ac566e7de7d0c24778c4280e8311bbec.zip | |
db: mask password component of printed URLs
fixes #10710
| -rw-r--r-- | src/apk_print.h | 12 | ||||
| -rw-r--r-- | src/database.c | 31 | ||||
| -rw-r--r-- | src/print.c | 24 |
3 files changed, 55 insertions, 12 deletions
diff --git a/src/apk_print.h b/src/apk_print.h index acc6981..8e4dd46 100644 --- a/src/apk_print.h +++ b/src/apk_print.h @@ -12,6 +12,18 @@ #include "apk_blob.h" +struct apk_url_print { + const char *url; + const char *pwmask; + const char *url_or_host; + size_t len_before_pw; +}; + +void apk_url_parse(struct apk_url_print *, const char *); + +#define URL_FMT "%.*s%s%s" +#define URL_PRINTF(u) u.len_before_pw, u.url, u.pwmask, u.url_or_host + #define apk_error(args...) do { apk_log_err("ERROR: ", args); } while (0) #define apk_warning(args...) do { if (apk_verbosity > 0) { apk_log_err("WARNING: ", args); } } while (0) #define apk_message(args...) do { if (apk_verbosity > 0) { apk_log(NULL, args); } } while (0) diff --git a/src/database.c b/src/database.c index 04871c9..29e8ea9 100644 --- a/src/database.c +++ b/src/database.c @@ -579,14 +579,15 @@ int apk_repo_format_cache_index(apk_blob_t to, struct apk_repository *repo) return 0; } -int apk_repo_format_real_url(struct apk_database *db, struct apk_repository *repo, - struct apk_package *pkg, char *buf, size_t len) +int apk_repo_format_real_url(apk_blob_t *default_arch, struct apk_repository *repo, + struct apk_package *pkg, char *buf, size_t len, + struct apk_url_print *urlp) { apk_blob_t arch; int r; if (pkg && pkg->arch) arch = *pkg->arch; - else arch = *db->arch; + else arch = *default_arch; if (pkg != NULL) r = snprintf(buf, len, "%s%s" BLOB_FMT "/" PKG_FILE_FMT, @@ -598,6 +599,8 @@ int apk_repo_format_real_url(struct apk_database *db, struct apk_repository *rep BLOB_PRINTF(arch), apkindex_tar_gz); if (r >= len) return -ENOBUFS; + + if (urlp) apk_url_parse(urlp, buf); return 0; } @@ -609,7 +612,7 @@ int apk_repo_format_item(struct apk_database *db, struct apk_repository *repo, s return apk_pkg_format_cache_pkg(APK_BLOB_PTR_LEN(buf, len), pkg); } else { *fd = AT_FDCWD; - return apk_repo_format_real_url(db, repo, pkg, buf, len); + return apk_repo_format_real_url(db->arch, repo, pkg, buf, len, 0); } } @@ -618,6 +621,7 @@ int apk_cache_download(struct apk_database *db, struct apk_repository *repo, apk_progress_cb cb, void *cb_ctx) { struct stat st = {0}; + struct apk_url_print urlp; struct apk_istream *is; struct apk_sign_ctx sctx; char url[PATH_MAX]; @@ -633,7 +637,7 @@ int apk_cache_download(struct apk_database *db, struct apk_repository *repo, r = apk_repo_format_cache_index(b, repo); if (r < 0) return r; - r = apk_repo_format_real_url(db, repo, pkg, url, sizeof(url)); + r = apk_repo_format_real_url(db->arch, repo, pkg, url, sizeof(url), &urlp); if (r < 0) return r; if (autoupdate && !(apk_force & APK_FORCE_REFRESH)) { @@ -641,8 +645,7 @@ int apk_cache_download(struct apk_database *db, struct apk_repository *repo, now - st.st_mtime <= db->cache_max_age) return -EALREADY; } - - apk_message("fetch %s", url); + apk_message("fetch " URL_FMT, URL_PRINTF(urlp)); if (apk_flags & APK_SIMULATE) return 0; if (cb) cb(cb_ctx, 0); @@ -2140,12 +2143,14 @@ struct apk_repository *apk_db_select_repo(struct apk_database *db, static int apk_repository_update(struct apk_database *db, struct apk_repository *repo) { + struct apk_url_print urlp; int r, verify = (apk_flags & APK_ALLOW_UNTRUSTED) ? APK_SIGN_NONE : APK_SIGN_VERIFY; r = apk_cache_download(db, repo, NULL, verify, 1, NULL, NULL); if (r == -EALREADY) return 0; if (r != 0) { - apk_error("%s: %s", repo->url, apk_error_str(r)); + apk_url_parse(&urlp, repo->url); + apk_error(URL_FMT ": %s", URL_PRINTF(urlp), apk_error_str(r)); db->repo_update_errors++; } else { db->repo_update_counter++; @@ -2222,6 +2227,7 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t _repository) { struct apk_database *db = _db.db; struct apk_repository *repo; + struct apk_url_print urlp; apk_blob_t brepo, btag; int repo_num, r, targz = 1, tag_id = 0; char buf[PATH_MAX], *url; @@ -2264,8 +2270,8 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t _repository) if (!(apk_flags & APK_NO_NETWORK)) db->available_repos |= BIT(repo_num); if (apk_flags & APK_NO_CACHE) { - r = apk_repo_format_real_url(db, repo, NULL, buf, sizeof(buf)); - if (r == 0) apk_message("fetch %s", buf); + r = apk_repo_format_real_url(db->arch, repo, NULL, buf, sizeof(buf), &urlp); + if (r == 0) apk_message("fetch " URL_FMT, URL_PRINTF(urlp)); } else { if (db->autoupdate) apk_repository_update(db, repo); r = apk_repo_format_cache_index(APK_BLOB_BUF(buf), repo); @@ -2273,14 +2279,15 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t _repository) } else { db->local_repos |= BIT(repo_num); db->available_repos |= BIT(repo_num); - r = apk_repo_format_real_url(db, repo, NULL, buf, sizeof(buf)); + r = apk_repo_format_real_url(db->arch, repo, NULL, buf, sizeof(buf), &urlp); } if (r == 0) { r = load_index(db, apk_istream_from_fd_url(db->cache_fd, buf), targz, repo_num); } if (r != 0) { - apk_warning("Ignoring %s: %s", buf, apk_error_str(r)); + apk_url_parse(&urlp, repo->url); + apk_warning("Ignoring " URL_FMT ": %s", URL_PRINTF(urlp), apk_error_str(r)); db->available_repos &= ~BIT(repo_num); r = 0; } else { diff --git a/src/print.c b/src/print.c index 0b79752..38dad1c 100644 --- a/src/print.c +++ b/src/print.c @@ -211,3 +211,27 @@ void apk_log_err(const char *prefix, const char *format, ...) log_internal(stderr, prefix, format, va); va_end(va); } + +void apk_url_parse(struct apk_url_print *urlp, const char *url) +{ + const char *authority, *path_or_host, *pw; + + *urlp = (struct apk_url_print) { + .url = "", + .pwmask = "", + .url_or_host = url, + }; + + if (!(authority = strstr(url, "://"))) return; + authority += 3; + path_or_host = strpbrk(authority, "/@"); + if (!path_or_host || *path_or_host == '/') return; + pw = strpbrk(authority, "@:"); + if (!pw || *pw == '@') return; + *urlp = (struct apk_url_print) { + .url = url, + .pwmask = "*", + .url_or_host = path_or_host, + .len_before_pw = pw - url + 1, + }; +} |