feat: better repo path sanitization (argoproj#12974)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
yyzxw · Aug 9, 2023 · dfeb38b · dfeb38b
1 parent 309c362
commit dfeb38b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go
@@ -295,7 +295,7 @@ func (s *Service) runRepoOperation(
 
 	if sanitizer, ok := grpc.SanitizerFromContext(ctx); ok {
 		// make sure randomized path replaced with '.' in the error message
-		sanitizer.AddRegexReplacement(regexp.MustCompile(`(`+regexp.QuoteMeta(s.rootDir)+`/.*?)/`), ".")
+		sanitizer.AddRegexReplacement(getRepoSanitizerRegex(s.rootDir), "<path to cached source>")
 	}
 
 	var gitClient git.Client
@@ -441,6 +441,15 @@ func (s *Service) runRepoOperation(
 	}
 }
 
+func getRepoSanitizerRegex(rootDir string) *regexp.Regexp {
+	// This regex assumes that the sensitive part of the path (the component immediately after "rootDir") contains no
+	// spaces. This assumption allows us to avoid sanitizing "more info" in "/tmp/_argocd-repo/SENSITIVE more info".
+	//
+	// The no-spaces assumption holds for our actual use case, which is "/tmp/_argocd-repo/{random UUID}". The UUID will
+	// only ever contain digits and hyphens.
+	return regexp.MustCompile(regexp.QuoteMeta(rootDir) + `/[^ /]*`)
+}
+
 type gitClientGetter func(repo *v1alpha1.Repository, revision string, opts ...git.ClientOpts) (git.Client, string, error)
 
 // resolveReferencedSources resolves the revisions for the given referenced sources. This lets us invalidate the cached

diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go
@@ -2772,3 +2772,11 @@ func Test_getResolvedValueFiles(t *testing.T) {
 		})
 	}
 }
+
+func Test_getRepoSanitizerRegex(t *testing.T) {
+	r := getRepoSanitizerRegex("/tmp/_argocd-repo")
+	msg := r.ReplaceAllString("error message containing /tmp/_argocd-repo/SENSITIVE and other stuff", "<path to cached source>")
+	assert.Equal(t, "error message containing <path to cached source> and other stuff", msg)
+	msg = r.ReplaceAllString("error message containing /tmp/_argocd-repo/SENSITIVE/with/trailing/path and other stuff", "<path to cached source>")
+	assert.Equal(t, "error message containing <path to cached source>/with/trailing/path and other stuff", msg)
+}