public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Update URL masking patterns for new GitHub fine-grained PATs 

Updates GitHub Personal Access Token regex pattern to detect new [fine-grained PATs](https://github.blog/changelog/2022-10-18-introducing-fine-grained-personal-access-tokens/)
pull/11150/head
Ayesh Karunaratne 2022-10-20 16:28:51 +05:30 committed by Jordi Boggiano
parent 855473148a
commit 90673e4f66
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Composer/Util/Url.php
View File

@ -111,7 +111,7 @@ class Url
$url = Preg::replaceCallback('{^(?P<prefix>[a-z0-9]+://)?(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', static function ($m): string {
// if the username looks like a long (12char+) hex string, or a modern github token (e.g. ghp_xxx) we obfuscate that
if (Preg::isMatch('{^([a-f0-9]{12,}|gh[a-z]_[a-zA-Z0-9_]+)$}', $m['user'])) {
if (Preg::isMatch('{^([a-f0-9]{12,}|gh[a-z]_[a-zA-Z0-9_]+|github_pat_[a-zA-Z0-9_]+)$}', $m['user'])) {
return $m['prefix'].'***:***@';
}

1
tests/Composer/Test/Util/UrlTest.php
View File

@ -82,6 +82,7 @@ class UrlTest extends TestCase
['https://example.org/foo/bar?access_token=***', 'https://example.org/foo/bar?access_token=abcdef'],
['https://example.org/foo/bar?foo=bar&access_token=***', 'https://example.org/foo/bar?foo=bar&access_token=abcdef'],
['https://***:***@github.com/acme/repo', 'https://ghp_1234567890abcdefghijklmnopqrstuvwxyzAB:x-oauth-basic@github.com/acme/repo'],
['https://***:***@github.com/acme/repo', 'https://github_pat_1234567890abcdefghijkl_1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW:x-oauth-basic@github.com/acme/repo'],
// without scheme
['foo:***@example.org/', 'foo:bar@example.org/'],
['foo@example.org/', 'foo@example.org/'],