From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 4 Sep 2023 15:19:36 +0800
Subject: [PATCH 30/33] mask proxy informations

Signed-off-by: haozi007 <liuhao27@huawei.com>
---
 .../container_cb/execution_information.c      | 86 ++++++++++++++++---
 1 file changed, 74 insertions(+), 12 deletions(-)

diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 2f3d3627..86bb2894 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -176,24 +176,83 @@ out:
 static int get_proxy_env(char **proxy, const char *type)
 {
     int ret = 0;
-    char *tmp = NULL;
-
-    *proxy = getenv(type);
-    if (*proxy == NULL) {
-        tmp = util_strings_to_upper(type);
+    int nret;
+    char *tmp_proxy = NULL;
+    char *col_pos = NULL;
+    char *at_pos = NULL;
+    size_t proxy_len;
+    const char *mask_str = "//xxxx:xxxx";
+
+    tmp_proxy = getenv(type);
+    if (tmp_proxy == NULL) {
+        char *tmp = util_strings_to_upper(type);
         if (tmp == NULL) {
             ERROR("Failed to upper string!");
-            ret = -1;
-            goto out;
-        }
-        *proxy = getenv(tmp);
-        if (*proxy == NULL) {
-            *proxy = "";
+            return -1;
         }
+        tmp_proxy = getenv(tmp);
+        free(tmp);
+    }
+
+    if (tmp_proxy == NULL) {
+        return 0;
+    }
+
+    if (strlen(tmp_proxy) >= PATH_MAX) {
+        ERROR("Too long proxy string.");
+        return -1;
+    }
+    tmp_proxy = util_strdup_s(tmp_proxy);
+
+    if (strcmp(NO_PROXY, type) == 0) {
+        *proxy = tmp_proxy;
+        return 0;
+    }
+
+    // mask username and password of proxy
+    col_pos = strchr(tmp_proxy, ':');
+    if (col_pos == NULL) {
+        ERROR("Invalid proxy.");
+        ret = -1;
+        goto out;
+    }
+    at_pos = strrchr(tmp_proxy, '@');
+    if (at_pos == NULL) {
+        // no '@', represent no user information in proxy,
+        // just return original proxy
+        *proxy = tmp_proxy;
+        return 0;
+    }
+
+    // first colon position must before than at position
+    if ((at_pos - col_pos) < 0) {
+        ret = -1;
+        goto out;
     }
 
+    // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
+    // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
+    proxy_len = strlen(tmp_proxy);
+    proxy_len -= (at_pos - tmp_proxy);
+    proxy_len += (col_pos - tmp_proxy) + 1;
+    proxy_len += strlen(mask_str) + 1;
+    *proxy = util_common_calloc_s(proxy_len);
+    if (*proxy == NULL) {
+        ERROR("Out of memory");
+        ret = -1;
+        goto out;
+    }
+    *col_pos = '\0';
+    nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
+    if (nret < 0 || nret >= proxy_len) {
+        ret = -1;
+        free(*proxy);
+        *proxy = NULL;
+        goto out;
+    }
+    
 out:
-    free(tmp);
+    util_free_sensitive_string(tmp_proxy);
     return ret;
 }
 
@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
 #endif
 
 pack_response:
+    free(http_proxy);
+    free(https_proxy);
+    free(no_proxy);
     if (*response != NULL) {
         (*response)->cc = cc;
     }
-- 
2.40.1