diff options
author | Nick Vatamaniuc <vatamane@apache.org> | 2020-09-09 13:21:17 -0400 |
---|---|---|
committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2020-09-09 15:12:51 -0400 |
commit | e171c63591fb948a1da666e3321f7622a2978df0 (patch) | |
tree | 74310864f0a243d67fd5a7cae3a66e5707b717e5 | |
parent | f16e06d9cd70f074b01c9c6fb13a25d6f1c55730 (diff) | |
download | couchdb-e171c63591fb948a1da666e3321f7622a2978df0.tar.gz |
Handle malformed URLs when stripping URL creds in couch_replicator
Previously there was an error thrown which prevented emitting _scheduler/docs
responses. Instead of throwing an error, return `null` if the URL cannot be
parsed.
-rw-r--r-- | src/couch_replicator/src/couch_replicator.erl | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/src/couch_replicator/src/couch_replicator.erl b/src/couch_replicator/src/couch_replicator.erl index b38f31b59..b169dccb1 100644 --- a/src/couch_replicator/src/couch_replicator.erl +++ b/src/couch_replicator/src/couch_replicator.erl @@ -141,7 +141,11 @@ strip_url_creds(Endpoint) -> iolist_to_binary(couch_util:url_strip_password(Url)) catch throw:{error, local_endpoints_not_supported} -> - Endpoint + Endpoint; + error:_ -> + % Avoid exposing any part of the URL in case there is a password in + % the malformed endpoint URL + null end. @@ -356,7 +360,8 @@ strip_url_creds_test_() -> [ t_strip_http_basic_creds(), t_strip_http_props_creds(), - t_strip_local_db_creds() + t_strip_local_db_creds(), + t_strip_url_creds_errors() ] }. @@ -389,4 +394,23 @@ t_strip_http_props_creds() -> ?assertEqual(<<"http://host/db/">>, strip_url_creds(Props2)) end). + +t_strip_url_creds_errors() -> + ?_test(begin + Bad1 = {[{<<"url">>, <<"http://adm:pass/bad">>}]}, + ?assertEqual(null, strip_url_creds(Bad1)), + Bad2 = {[{<<"garbage">>, <<"more garbage">>}]}, + ?assertEqual(null, strip_url_creds(Bad2)), + Bad3 = <<"http://a:b:c">>, + ?assertEqual(null, strip_url_creds(Bad3)), + Bad4 = <<"http://adm:pass:pass/bad">>, + ?assertEqual(null, strip_url_creds(Bad4)), + ?assertEqual(null, strip_url_creds(null)), + ?assertEqual(null, strip_url_creds(42)), + ?assertEqual(null, strip_url_creds([<<"a">>, <<"b">>])), + Bad5 = {[{<<"source_proxy">>, <<"http://adm:pass/bad">>}]}, + ?assertEqual(null, strip_url_creds(Bad5)) + end). + + -endif. |