Skip to content

secret analyzer of sast CI job has system errors on gitlab-org/gitlab's CI pipeline

Summary

secrets analyzer of sast CI job has system errors on gitlab-org/gitlab's CI pipeline and no clue to confirm if the secret detection works well.

Steps to reproduce

n/a

Example Project

https://gitlab.com/gitlab-org/gitlab/-/jobs/434056330

What is the current bug behavior?

Users are seeing the following error messages:

2020/02/12 02:53:01 [secrets] Starting analyzer...
Could not parse url: parse http://elastic:changeme@elasticsearch:9200"
: net/url: invalid control character in URL
Could not parse url: parse https://user:password@secondary.tld`.
: net/url: invalid control character in URL
Could not parse url: parse https://<key>:<secret>@sentry.io/<project>"
: net/url: invalid control character in URL
Could not parse url: parse https://username:password@gitlab.company.com/group/project.git`
: net/url: invalid control character in URL
Could not parse url: parse http://<username>:<password>@<elastic_host>:9200/`).: net/url: invalid userinfo
Could not parse url: parse https://gitlab-ci-token:abcde-1234ABCD5678ef@example.com/gitlab-org/gitlab-foss.git"
: net/url: invalid control character in URL
Could not parse url: parse http://<username>:<password>@<elastic_host>:9200/`).: net/url: invalid userinfo
Could not parse url: parse postgres://user:password@postgres-host:postgres-port/postgres-database
: net/url: invalid control character in URL
Could not parse url: parse mysql://username:password@host/gitlabhq_production
: net/url: invalid control character in URL
Could not parse url: parse http://<username>:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git
: net/url: invalid control character in URL
Could not parse url: parse https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/<user>/<mydependentrepo>.git
: net/url: invalid control character in URL
Could not parse url: parse https://*****:*****@github.com/<your_github_group>/<your_github_project>.git`.
: net/url: invalid control character in URL
Could not parse url: parse http://user:foo@example.com')
: net/url: invalid control character in URL
Could not parse url: parse http://user:pass@test.url')
: net/url: invalid control character in URL
Could not parse url: parse postgresql://postgres:postgres@postgres:5432/$POSTGRES_DB"
: net/url: invalid control character in URL
Could not parse url: parse postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DB_HOST}:5432/${POSTGRES_DB}"
: net/url: invalid control character in URL
Could not parse url: parse postgresql://postgres:postgres@postgres:5432/$POSTGRES_DB"
: net/url: invalid control character in URL
Could not parse url: parse postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${CI_ENVIRONMENT_SLUG}-postgres:5432/${POSTGRES_DB}
: net/url: invalid control character in URL
Could not parse url: parse http://user:pass@somehost.com/wd/hub"
: net/url: invalid control character in URL
Could not parse url: parse https://user:password@url.com"
: net/url: invalid control character in URL
Could not parse url: parse https://user:password@github.com/vim/vim.git')
: net/url: invalid control character in URL
Could not parse url: parse http://secretuser:secretpass@jenkins.example.com:8888/job/test1/scm/bySHA1/12d65c")
: net/url: invalid control character in URL
Could not parse url: parse http://bob:pass@foo.com:8080')).to: invalid port ":8080')).to" after host
Could not parse url: parse https://x-token-auth:abc@bibucket.org/test/test.git')
: net/url: invalid control character in URL
Could not parse url: parse http://bitbucket:test@my-bitbucket',
: net/url: invalid control character in URL
Could not parse url: parse https://oauth2:asdffg@gitlab.com/asd/vim.git")
: net/url: invalid control character in URL
Could not parse url: parse http://test:123@example.com'}
: net/url: invalid control character in URL
Could not parse url: parse http://$user:password@github.com/t.git')
: net/url: invalid control character in URL
Could not parse url: parse http://$user:password@invalid.invalid')
: net/url: invalid control character in URL
Could not parse url: parse http://user:password@www.gitlab.com/demo/repo.git'}
: net/url: invalid control character in URL

What is the expected correct behavior?

Users should not see any system error messages.