From 807b79620bd97b46af6e4bfd40f1195420eacdc3 Mon Sep 17 00:00:00 2001
From: Tobias <tobias.gabriel@sap.com>
Date: Fri, 21 Jul 2023 19:29:25 +0200
Subject: [PATCH] fix(git-submodule): remove token injection from submodule URL
 (#23458)

---
 .../manager/git-submodules/extract.spec.ts    | 36 +++++++++++++++++++
 lib/modules/manager/git-submodules/extract.ts | 11 ++----
 2 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/lib/modules/manager/git-submodules/extract.spec.ts b/lib/modules/manager/git-submodules/extract.spec.ts
index a297bcceff..f4687a3092 100644
--- a/lib/modules/manager/git-submodules/extract.spec.ts
+++ b/lib/modules/manager/git-submodules/extract.spec.ts
@@ -78,6 +78,42 @@ describe('modules/manager/git-submodules/extract', () => {
         GIT_CONFIG_VALUE_1: 'git@github.com:',
         GIT_CONFIG_VALUE_2: 'https://github.com/',
       });
+      expect(gitMock.listRemote).toHaveBeenCalledWith([
+        '--symref',
+        'https://github.com/PowerShell/PowerShell-Docs',
+        'HEAD',
+      ]);
+    });
+
+    it('combined token from host rule is used to detect branch', async () => {
+      gitMock.listRemote.mockResolvedValueOnce(
+        'ref: refs/heads/main HEAD\n5701164b9f5edba1f6ca114c491a564ffb55a964        HEAD'
+      );
+      hostRules.add({
+        hostType: 'github',
+        matchHost: 'github.com',
+        token: 'x-access-token:ghs_abc123',
+      });
+      const res = await extractPackageFile('', '.gitmodules.2', {});
+      expect(res?.deps).toHaveLength(1);
+      expect(res?.deps[0].currentValue).toBe('main');
+      expect(gitMock.env).toHaveBeenCalledWith({
+        GIT_CONFIG_COUNT: '3',
+        GIT_CONFIG_KEY_0:
+          'url.https://x-access-token:ghs_abc123@github.com/.insteadOf',
+        GIT_CONFIG_KEY_1:
+          'url.https://x-access-token:ghs_abc123@github.com/.insteadOf',
+        GIT_CONFIG_KEY_2:
+          'url.https://x-access-token:ghs_abc123@github.com/.insteadOf',
+        GIT_CONFIG_VALUE_0: 'ssh://git@github.com/',
+        GIT_CONFIG_VALUE_1: 'git@github.com:',
+        GIT_CONFIG_VALUE_2: 'https://github.com/',
+      });
+      expect(gitMock.listRemote).toHaveBeenCalledWith([
+        '--symref',
+        'https://github.com/PowerShell/PowerShell-Docs',
+        'HEAD',
+      ]);
     });
 
     it('default to master if no branch can be detected', async () => {
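Review bot: The new 'combined token from host rule is used to detect branch' test asserts nothing about `res.deps[0].packageName`, which is the value the function returns to callers, so the token-free property is pinned only for the `listRemote` argument. Adding `expect(res?.deps[0].packageName).toBe('https://github.com/PowerShell/PowerShell-Docs');` beside the `currentValue` assertion would cover it, assuming packageName for this fixture is the same URL that `listRemote` receives. `toHaveBeenCalledWith` also passes as soon as one call matches, so a negative check such as `expect(JSON.stringify(gitMock.listRemote.mock.calls)).not.toContain('ghs_abc123');` would be a stricter regression guard. The first added assertion in this hunk belongs to a test that begins outside it.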
diff --git a/lib/modules/manager/git-submodules/extract.ts b/lib/modules/manager/git-submodules/extract.ts
index b38aef1677..25a8f0abdb 100644
--- a/lib/modules/manager/git-submodules/extract.ts
+++ b/lib/modules/manager/git-submodules/extract.ts
@@ -3,10 +3,9 @@ import Git, { SimpleGit } from 'simple-git';
 import upath from 'upath';
 import { GlobalConfig } from '../../../config/global';
 import { logger } from '../../../logger';
-import { detectPlatform } from '../../../util/common';
 import { getGitEnvironmentVariables } from '../../../util/git/auth';
 import { simpleGitConfig } from '../../../util/git/config';
-import { getHttpUrl, getRemoteUrlWithToken } from '../../../util/git/url';
+import { getHttpUrl } from '../../../util/git/url';
 import { regEx } from '../../../util/regex';
 import { GitRefsDatasource } from '../../datasource/git-refs';
 import type { ExtractConfig, PackageFileContent } from '../types';
@@ -119,11 +118,7 @@ export default async function extractPackageFile(
         .replace(regEx(/^[-+]/), '')
         .split(regEx(/\s/));
       const subModuleUrl = await getUrl(git, gitModulesPath, name);
-      // hostRules only understands HTTP URLs
-      // Find HTTP URL, then apply token
-      let httpSubModuleUrl = getHttpUrl(subModuleUrl);
-      const hostType = detectPlatform(httpSubModuleUrl) ?? GitRefsDatasource.id;
-      httpSubModuleUrl = getRemoteUrlWithToken(httpSubModuleUrl, hostType);
+      const httpSubModuleUrl = getHttpUrl(subModuleUrl);
       const currentValue = await getBranch(
         gitModulesPath,
         name,
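Review bot: The replacement line `const httpSubModuleUrl = getHttpUrl(subModuleUrl);` drops the old two-line comment and leaves nothing to say that this URL must stay free of credentials. A comment such as `// keep credential-free: auth is supplied via the git env (insteadOf rules); value is reused as packageName` would record the intent. The first half rests on what the spec's `gitMock.env` expectation suggests, and the second on the following hunk, where `packageName` now takes this variable. Whether `getHttpUrl` also strips userinfo already present in a `.gitmodules` URL is not visible here and is worth confirming, because that value is returned in `deps`. `extractPackageFile` and the `getBranch` call both extend outside this hunk.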
@@ -131,7 +126,7 @@ export default async function extractPackageFile(
       );
       deps.push({
         depName: path,
-        packageName: getHttpUrl(subModuleUrl),
+        packageName: httpSubModuleUrl,
         currentValue,
         currentDigest,
       });
-- 
GitLab