Skip to content

GitHub CLI gh auth login Panic on Invalid Hostname Input #9248

New issue
New issue
Closed
#9729
Closed
GitHub CLI gh auth login Panic on Invalid Hostname Input#9248
#9729
Assignees
jtmcgBagToad
Labels
bugSomething isn't workinggh-authrelating to the gh auth commandhelp wantedContributions welcomep3Affects a small number of users or is largely cosmetic
@mouismail

Description

@mouismail
mouismail
opened on Jun 24, 2024

Description

When attempting to authenticate to a GitHub Enterprise Server using the gh auth login command, providing an invalid or malformed hostname causes the CLI to panic due to an unhandled error in the URL parsing process. This behavior is observed when an extra space or invalid characters are present in the hostname.

Steps to Reproduce

  1. Run the gh auth login command.
  2. Select "GitHub Enterprise Server" as the account type.
  3. Provide a malformed hostname, e.g., mouismail-0ff7c314037fe1e88.ghe-test.org .
  4. Proceed with the login steps.

Expected Behavior

The CLI should handle the invalid hostname gracefully by either:

  1. Trimming the input to remove any extraneous spaces.
  2. Providing a clear error message indicating the invalid hostname.

Actual Behavior:

The CLI panics with the following error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x101a04e10]

goroutine 1 [running]:
github.com/cli/oauth.GitHubHost({0x14000b12500?, 0x29?})
    github.com/cli/oauth@v1.0.1/oauth.go:32 +0x30
github.com/cli/cli/v2/internal/authflow.AuthFlow({0x14000666450, 0x29}, 0x1400044ba20, {0x0, 0x0}, {0x14000b5c4e0, 0x1, 0x100d9901c?}, 0x1, {0x103221860, ...})
    github.com/cli/cli/v2/internal/authflow/flow.go:52 +0x2bc
...

Proposed Solution:

  1. Trim Input:
    Ensure that any hostname input is trimmed of leading and trailing whitespace before processing.
  2. Handle Parsing Errors:
    Modify the GitHubHost function to return an error if the URL parsing fails and handle this error appropriately.
  3. Deprecate Faulty Functions:
    Introduce a new function (e.g., NewHost or ParseGitHubHost) that adheres to idiomatic Go error handling, and mark the old GitHubHost function as deprecated.

Relevant Code Snippets:

  • Current implementation in oauth.go: 
    func GitHubHost(hostURL string) *Host {
    u, _ := url.Parse(hostURL)

    return &Host{
        DeviceCodeURL: fmt.Sprintf("%s://%s/login/device/code", u.Scheme, u.Host),
        AuthorizeURL:  fmt.Sprintf("%s://%s/login/oauth/authorize", u.Scheme, u.Host),
    }
}

Proposed implementation

func NewHost(hostURL string) (*Host, error) {
    u, err := url.Parse(strings.TrimSpace(hostURL))
    if err != nil {
        return nil, err
    }

    return &Host{
        DeviceCodeURL: fmt.Sprintf("%s://%s/login/device/code", u.Scheme, u.Host),
        AuthorizeURL:  fmt.Sprintf("%s://%s/login/oauth/authorize", u.Scheme, u.Host),
    }, nil
}

Environment

  • GitHub CLI version: 2.50.0 (2024-05-29)
  • OS: MacOS

Resources

Metadata

Metadata

Assignees

Labels

bugSomething isn't workinggh-authrelating to the gh auth commandhelp wantedContributions welcomep3Affects a small number of users or is largely cosmetic

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions