changeset 1017:20fd54ecec57 Jaipur-2018.2.x
TW-60220: remove web server response from the exception message
author | pavel.sher |
---|---|
date | Fri, 03 May 2019 11:05:52 +0200 |
parents | cf8ced96317d |
children | |
files | mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/CommandResult.java mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/IdentifyCommandTest.java |
diffstat | 2 files changed, 37 insertions(+), 0 deletions(-) [+] |
--- a/mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/CommandResult.java Fri May 03 10:22:42 2019 +0200
+++ b/mercurial-common/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/CommandResult.java Fri May 03 11:05:52 2019 +0200
@@ -209,6 +209,15 @@
 String stderr = getSecureStderr();
 if (!isEmptyOrSpaces(stderr)) {
 message.append("\n");
+
+ // for security reasons, see https://youtrack.jetbrains.com/issue/TW-60220
+ // we don't want to add response of a web server to the message as it can be shown to a user and can expose some data
+ int webServerOutputStart = stderr.indexOf("---%<---");
+ if (webServerOutputStart > 0) {
+ stderr = stderr.substring(0, webServerOutputStart);
+ stderr += "<see complete output of the command in teamcity-vcs.log file>";
+ }
+
 int limit = mySettings.getExceptionOutputLimit();
 if (stderr.length() < limit || limit == -1) {
 message.append("stderr: ").append(stderr);
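Review bot: The guard `if (webServerOutputStart > 0) {` skips the case where the `---%<---` marker sits at index 0, so a stderr that begins with the marker would still carry the web server response into the exception message. `indexOf` returns -1 when the marker is absent, so `if (webServerOutputStart >= 0) {` is the check that matches the comment above it. The stripping also depends on hg emitting exactly `---%<---` around the response body; a short comment such as `// "---%<---" is the delimiter hg prints around a non-hg HTTP response` would tell the next maintainer why that literal matters. The enclosing method starts and ends outside the hunk, so whether other parts of the message (stdout, for instance) can carry the same response cannot be judged from here.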
--- a/mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/IdentifyCommandTest.java Fri May 03 10:22:42 2019 +0200 +++ b/mercurial-tests/src/jetbrains/buildServer/buildTriggers/vcs/mercurial/command/IdentifyCommandTest.java Fri May 03 11:05:52 2019 +0200 @@ -16,10 +16,13 @@ package jetbrains.buildServer.buildTriggers.vcs.mercurial.command; +import jetbrains.buildServer.util.SimpleHttpServer; +import jetbrains.buildServer.util.SimpleHttpServerBase; import jetbrains.buildServer.vcs.VcsException; import org.testng.annotations.Test; import java.io.IOException; +import java.util.Collections; /** * @author dmitry.neverov @@ -62,6 +65,31 @@ }); } + public void do_not_include_web_service_output_in_identify_command_error_message() throws IOException, VcsException { + SimpleHttpServer httpServer = new SimpleHttpServer(); + httpServer.setResponse(SimpleHttpServerBase.STATUS_LINE_200, Collections.singletonList("Content-type: text/html"), "Some response from web server"); + httpServer.start(); + + final String url = "http://localhost:" + httpServer.getPort(); + + try { + setRepository("mercurial-tests/testData/rep1", true); + runCommand((root, hgPathProvider, workingDir) -> { + new IdentifyCommand(new TestCommandSettingsFactory().create(), hgPathProvider.getHgPath(root), workingDir, root.getAuthSettings()) + .repository(url) + .withAuthSettings(new AuthSettings()) + .call(); + return null; + }); + fail("VcsException expected"); + } catch (VcsException e) { + assertFalse(e.getMessage().contains("Some response from web server")); + System.out.println(e.getMessage()); + } finally { + httpServer.stop(); + } + } + private void runIdentify(final ChangeSet cset) throws IOException, VcsException { runCommand((root, hgPathProvider, workingDir) -> { new IdentifyCommand(new TestCommandSettingsFactory().create(), hgPathProvider.getHgPath(root), workingDir, root.getAuthSettings())
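Review bot: The new test `do_not_include_web_service_output_in_identify_command_error_message` asserts only that the message lacks `Some response from web server`, so it also passes when hg fails before the response is read and the stripping branch in `CommandResult` never runs. Adding `assertTrue(e.getMessage().contains("<see complete output of the command in teamcity-vcs.log file>"));` in the `catch` block would pin the path the fix is meant to cover. The `System.out.println(e.getMessage());` next to the assertion looks like leftover debugging output and can be dropped.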