From e57f7639379c8561a8109b35d171a1540d75577e Mon Sep 17 00:00:00 2001
From: mrsdizzie
Date: Thu, 19 Dec 2019 04:49:48 -0500
Subject: [PATCH] Add migration to sanitize repository original_url (#9423)
* Add migration to sanitize repository original_url
During a large code move in #6200 the OriginalURL field was accidentially changed to be populated with the CloneAddr field which will contain the username and/or password provided during a migration. This behavior was fixed in previous PR #9097 and this migration will remove any authentication details that were stored in the database between those two.
* use net/url to rebuild URL instead of strings.Replace
* Update models/migrations/migrations.go
* changes per lunny
* make fmt
---
 models/migrations/migrations.go | 2 ++
 models/migrations/v114.go | 52 +++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 models/migrations/v114.go
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index cbea5a95d..923b5f575 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -282,6 +282,8 @@ var migrations = []Migration{
 NewMigration("remove release attachments which repository deleted", removeAttachmentMissedRepo),
 // v113 -> v114
 NewMigration("new feature: change target branch of pull requests", featureChangeTargetBranch),
+ // v114 -> v115
+ NewMigration("Remove authentication credentials from stored URL", sanitizeOriginalURL),
 }

 // Migrate database to current version
diff --git a/models/migrations/v114.go b/models/migrations/v114.go
new file mode 100644
index 000000000..25a187f6e
--- /dev/null
+++ b/models/migrations/v114.go
@@ -0,0 +1,52 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+ "net/url"
+
+ "xorm.io/xorm"
+)
+
+func sanitizeOriginalURL(x *xorm.Engine) error {
+
+ type Repository struct {
+ ID int64
+ OriginalURL string `xorm:"VARCHAR(2048)"`
+ }
+
+ var last int
+ const batchSize = 50
+ for {
+ var results = make([]Repository, 0, batchSize)
+ err := x.Where("original_url <> '' AND original_url IS NOT NULL").
+ And("original_service_type = 0 OR original_service_type IS NULL").
+ OrderBy("id").
+ Limit(batchSize, last).
+ Find(&results)
+ if err != nil {
+ return err
+ }
+ if len(results) == 0 {
+ break
+ }
+ last += len(results)
+
+ for _, res := range results {
+ u, err := url.Parse(res.OriginalURL)
+ if err != nil {
+ // it is ok to continue here, we only care about fixing URLs that we can read
+ continue
+ }
+ u.User = nil
+ originalURL := u.String()
+ _, err = x.Exec("UPDATE repository SET original_url = ? WHERE id = ?", originalURL, res.ID)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
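Review bot: In the inner loop of sanitizeOriginalURL, a row whose `original_url` fails `url.Parse` is skipped silently, so any credentials embedded in it stay in the database and nothing records that they do; a password containing unescaped reserved characters is presumably the case most likely to fail parsing. I would log the repository ID (never the URL itself) before the `continue`, so an administrator can clean those rows by hand. The `UPDATE` also runs for every matching row, including ones with no userinfo, where `u.String()` may re-encode the stored value; adding `if u.User == nil { continue }` after the parse check limits writes to rows that actually hold credentials. A short doc comment on the function stating that it only strips userinfo and leaves unparseable URLs untouched would help too.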