chore(cmd/sync/github): sanitize gh token from file
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
maxgio92 authored and poiana committed Apr 12, 2024
1 parent a524611 commit b7f9773
Showing 1 changed file with 27 additions and 6 deletions.
33 changes: 27 additions & 6 deletions cmd/sync/github/sync_github.go
Expand Up @@ -18,6 +18,8 @@ import (
"fmt"
"os"
"path"
"strings"
"unicode"

"github.com/go-git/go-git/v5"
gitobject "github.com/go-git/go-git/v5/plumbing/object"
Expand Down Expand Up @@ -138,14 +140,13 @@ func (o *options) Run(_ *cobra.Command, _ []string) error {
return err
}

// Get the GitHub token from filesystem.
token, err := os.ReadFile(o.github.TokenPath)
token, err := getTokenFromFile(o.github.TokenPath)
if err != nil {
return errors.Wrap(err, "error reading token file")
return errors.Wrap(err, "error reading token from file")
}

// Build GitHub client.
githubClient, err := o.github.GitHubClientWithAccessToken(string(token))
githubClient, err := o.github.GitHubClientWithAccessToken(token)
if err != nil {
return errors.Wrap(err, "error generating github client with specified access token")
}
Expand All @@ -161,7 +162,7 @@ func (o *options) Run(_ *cobra.Command, _ []string) error {

// Clone the peribolos config repository.
repo, worktree, local, err := o.github.ForkRepository(
githubClient, o.GitHubOrg, o.orgs.ConfigRepo, string(token))
githubClient, o.GitHubOrg, o.orgs.ConfigRepo, token)
if err != nil {
return errors.Wrap(err, "error forking the config repository")
}
Expand Down Expand Up @@ -214,7 +215,7 @@ Signed-off-by: %s <%s>
if err := repo.Push(&git.PushOptions{
Auth: &githttp.BasicAuth{
Username: o.github.Username,
Password: string(token),
Password: token,
},
}); err != nil {
return errors.Wrap(err, "error pushing config update git branch")
Expand Down Expand Up @@ -311,3 +312,23 @@ func (o *options) flushConfig(config *peribolos.FullConfig, configPath string) e

return nil
}

func getTokenFromFile(path string) (string, error) {
token, err := os.ReadFile(path)
if err != nil {
return "", errors.Wrap(err, "error reading token file")
}

return removeNonPrintableChars(string(token)), nil
}

func removeNonPrintableChars(s string) string {
return strings.Map(func(r rune) rune {
switch {
case unicode.IsPrint(r):
return r
default:
return -1
}
}, s)
}
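Review bot: `getTokenFromFile` returns a nil error even when sanitizing leaves an empty string, and `removeNonPrintableChars` silently deletes runes from anywhere in the token, so a truncated or corrupted token file would presumably only show up later as an opaque authentication failure from `GitHubClientWithAccessToken` or `repo.Push`. `unicode.IsPrint` also reports the ASCII space as printable, so leading or trailing spaces survive the filter. I would trim surrounding whitespace with `strings.TrimSpace`, then return an error for an empty token or one that still contains a non-printable rune, keeping the token value itself out of the error text. `Run` also wraps the helper's already wrapped error with nearly the same message, so one of the two wraps can go.

```go
func getTokenFromFile(path string) (string, error) {
	// … unchanged: os.ReadFile(path) into token and its error wrap …

	trimmed := strings.TrimSpace(string(token))
	if trimmed == "" {
		return "", errors.New("token file is empty")
	}
	// Fail closed instead of rewriting the credential: never echo the token in the error.
	if strings.IndexFunc(trimmed, func(r rune) bool { return !unicode.IsPrint(r) }) >= 0 {
		return "", errors.New("token file contains non-printable characters")
	}

	return trimmed, nil
}
```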
