Prevent cli from sending git credentials (#1988)

Author: JakeDawkins

CHANGELOG.md

@@ -3,7 +3,7 @@
 ## Upcoming
 
 - `apollo`
-  - <First `apollo` related entry goes here>
+  - Prevent cli from sending some git credentials [#1988](https://github.com/apollographql/apollo-tooling/pull/1988)
 - `apollo-codegen-flow`
   - <First `apollo-codegen-flow` related entry goes here>
 - `apollo-codegen-scala`

package-lock.json

@@ -54,6 +54,7 @@
     "gaze": "1.1.3",
     "git-parse": "1.0.4",
     "git-rev-sync": "2.0.0",
+    "git-url-parse": "^11.1.2",
     "glob": "7.1.5",
     "graphql": "14.0.2 - 14.2.0 || ^14.3.1",
     "graphql-tag": "2.10.3",

packages/apollo/package.json

@@ -1,4 +1,4 @@
-import { gitInfo } from "../git";
+import { gitInfo, sanitizeGitRemote } from "../git";
 
 describe("Git integration", () => {
   it("Returns commit, branch, message, committer, and remoteUrl", async () => {
@@ -17,3 +17,78 @@ describe("Git integration", () => {
     expect(info.branch).toBeDefined();
   });
 });
+
+describe("strip usernames/passwords from git remotes", () => {
+  it("returns empty for unknown remotes", () => {
+    let clean = sanitizeGitRemote("https://un@gitlab.com/apollographql/test");
+    expect(clean).toBeNull();
+  });
+  it("removes username from remote with only a username present", () => {
+    let clean = sanitizeGitRemote(
+      "https://un@bitbucket.com/apollographql/test"
+    );
+    expect(clean).toEqual("https://REDACTED@bitbucket.com/apollographql/test");
+  });
+  it("does not mind case", () => {
+    let clean = sanitizeGitRemote("https://un@GITHUB.com/apollographql/test");
+    expect(clean).toEqual("https://REDACTED@GITHUB.com/apollographql/test");
+  });
+  it("strips usernames from ssh urls", () => {
+    let clean = sanitizeGitRemote("ssh://un%401@github.com/apollographql/test");
+    expect(clean).toEqual("REDACTED@github.com:apollographql/test");
+  });
+  it("works properly with (allowed) special characters in username/password", () => {
+    let clean = sanitizeGitRemote(
+      "https://un:p%40ssw%3Ard@github.com/apollographql/test"
+    );
+    expect(clean).toEqual("https://REDACTED@github.com/apollographql/test");
+
+    let bbClean = sanitizeGitRemote(
+      "https://un:p%40ssw%3Ard@bitbucket.com/apollographql/test"
+    );
+    expect(bbClean).toEqual(
+      "https://REDACTED@bitbucket.com/apollographql/test"
+    );
+  });
+  it("works with non-url remotes from github with git user ONLY", () => {
+    let clean = sanitizeGitRemote(
+      "git@github.com:apollographql/apollo-tooling.git"
+    );
+    expect(clean).toEqual("git@github.com:apollographql/apollo-tooling.git");
+
+    let clean2 = sanitizeGitRemote(
+      "bob@github.com:apollographql/apollo-tooling.git"
+    );
+    expect(clean2).toEqual(
+      "REDACTED@github.com:apollographql/apollo-tooling.git"
+    );
+  });
+  it("works with non-url remotes from bitbucket with git user ONLY", () => {
+    let clean = sanitizeGitRemote(
+      "git@bitbucket.com:apollographql/apollo-tooling.git"
+    );
+    expect(clean).toEqual("git@bitbucket.com:apollographql/apollo-tooling.git");
+
+    let clean2 = sanitizeGitRemote(
+      "bob@bitbucket.com:apollographql/apollo-tooling.git"
+    );
+    expect(clean2).toEqual(
+      "REDACTED@bitbucket.com:apollographql/apollo-tooling.git"
+    );
+  });
+  it("does not allow non-url remotes from unrecognized providers (not github)", () => {
+    let clean = sanitizeGitRemote(
+      "git@lab.com:apollographql/apollo-tooling.git"
+    );
+    expect(clean).toBeNull();
+  });
+  // TODO maybe fix this in the future?
+  // git-url-parse right now just uses the dirty `href` if the protocol is unknow
+  // https://github.com/IonicaBizau/git-url-parse/blob/master/lib/index.js#L216-L217
+  it("returns null with unknown protocols", () => {
+    let clean = sanitizeGitRemote(
+      "git+http://un:p%40sswrd@github.com/apollographql/test"
+    );
+    expect(clean).toBeNull();
+  });
+});

packages/apollo/src/__tests__/git.test.ts

@@ -6,6 +6,7 @@ import git from "git-rev-sync";
 import pickBy from "lodash.pickby";
 import identity from "lodash.identity";
 import Command from "@oclif/command";
+import gitUrlParse from "git-url-parse";
 
 const findGitRoot = (start?: string | string[]): string | void => {
   start = start || process.cwd();
@@ -23,6 +24,35 @@ const findGitRoot = (start?: string | string[]): string | void => {
   }
 };
 
+/**
+ * remove any username and password info from the
+ * git remote (`git ls-remote --get-url`)
+ *
+ * This can be made more generic in the future, allowing for more options
+ * for git providers. right now, we only support github & bitbucket. other remotes
+ * serve no purpose currently in graph manager.
+ */
+
+export const sanitizeGitRemote = (remote?: string) => {
+  if (!remote) return null;
+  const info = gitUrlParse(remote);
+
+  // we only support github and bitbucket sources
+  const source = info.source.toLowerCase();
+  if (source !== "github.com" && source !== "bitbucket.com") return null;
+
+  if (info.user !== "" && info.user !== "git") {
+    info.user = "REDACTED";
+  }
+
+  // just to make sure that with an unknown `protocol` that stringify doesn't
+  // just print the old, dirty url
+  // https://github.com/IonicaBizau/git-url-parse/blob/0b362b3e3b91a23ae58355fd2160523f0abde5d9/lib/index.js#L216-L217
+  info.href = null;
+
+  return gitUrlParse.stringify(info);
+};
+
 export interface Commit {
   authorName: string | null;
   authorEmail: string | null;
@@ -71,7 +101,7 @@ export const gitInfo = async (
     // The remoteUrl call can fail and throw an error
     // https://github.com/kurttheviking/git-rev-sync-js#gitremoteurl--string
     try {
-      remoteUrl = git.remoteUrl();
+      remoteUrl = sanitizeGitRemote(git.remoteUrl());
     } catch (e) {
       log(["Unable to retrieve remote url, failed with:", e].join("\n\n"));
     }