public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Url: fix sanitize for new github tokens (#10048)

pull/10051/head
Stephan 2021-08-11 12:24:41 +01:00 committed by GitHub
parent c7d11f361c
commit c65bd832d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Composer/Util/Url.php
View File

@ -110,8 +110,8 @@ class Url
$url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url);
$url = preg_replace_callback('{^(?P<prefix>[a-z0-9]+://)?(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
// if the username looks like a long (12char+) hex string, or a modern github token (e.g. gp1_xxx) we obfuscate that
if (preg_match('{^([a-f0-9]{12,}|g[a-z]\d_[a-zA-Z0-9_]+)$}', $m['user'])) {
// if the username looks like a long (12char+) hex string, or a modern github token (e.g. ghp_xxx) we obfuscate that
if (preg_match('{^([a-f0-9]{12,}|gh[a-z]_[a-zA-Z0-9_]+)$}', $m['user'])) {
return $m['prefix'].'***:***@';
}

1
tests/Composer/Test/Util/UrlTest.php
View File

@ -78,6 +78,7 @@ class UrlTest extends TestCase
array('https://foo:***@example.org:123/', 'https://foo:bar@example.org:123/'),
array('https://example.org/foo/bar?access_token=***', 'https://example.org/foo/bar?access_token=abcdef'),
array('https://example.org/foo/bar?foo=bar&access_token=***', 'https://example.org/foo/bar?foo=bar&access_token=abcdef'),
array('https://***:***@github.com/acme/repo', 'https://ghp_1234567890abcdefghijklmnopqrstuvwxyzAB:x-oauth-basic@github.com/acme/repo'),
// without scheme
array('foo:***@example.org/', 'foo:bar@example.org/'),
array('foo@example.org/', 'foo@example.org/'),