From ea30d60ca4150076b090bec14327112adb950eb7 Mon Sep 17 00:00:00 2001
From: Robert Dailey <rcdailey@gmail.com>
Date: Sun, 20 Mar 2022 22:30:08 -0500
Subject: [PATCH] fix(radarr): Sanitize URLs in HTTP exception messages

Relates to #17
---
 CHANGELOG.md                               |  3 +++
 debugging/docker-compose.yml               |  3 +--
 src/Trash/Command/RadarrCommand.cs         |  3 ++-
 src/TrashLib/Extensions/FlurlExtensions.cs | 15 +++++++++------
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07d786bb..0e90300f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Do not follow HTTP redirects and instead issue a warning to the user that they are potentially
   using the wrong URL.
+- Radarr: Sanitize URLs in HTTP exception messages ([#17]).
+
+[#17]: https://github.com/rcdailey/trash-updater/issues/17
 
 ## [1.8.2] - 2022-03-06
 
diff --git a/debugging/docker-compose.yml b/debugging/docker-compose.yml
index 4feb4660..3fcb8aac 100644
--- a/debugging/docker-compose.yml
+++ b/debugging/docker-compose.yml
@@ -7,11 +7,10 @@ volumes:
 
 services:
   radarr1:
-    image: ghcr.io/hotio/radarr:nightly
+    image: ghcr.io/hotio/radarr
     network_mode: bridge
     ports:
       - 7878:7878
-      - 9898:9898
     volumes:
       - radarr1:/config
       - ./certs:/certs:ro
diff --git a/src/Trash/Command/RadarrCommand.cs b/src/Trash/Command/RadarrCommand.cs
index f2dc7177..85612b29 100644
--- a/src/Trash/Command/RadarrCommand.cs
+++ b/src/Trash/Command/RadarrCommand.cs
@@ -5,6 +5,7 @@ using Serilog;
 using Serilog.Core;
 using Trash.Config;
 using TrashLib.Config.Settings;
+using TrashLib.Extensions;
 using TrashLib.Radarr.Config;
 using TrashLib.Radarr.CustomFormat;
 using TrashLib.Radarr.QualityDefinition;
@@ -59,7 +60,7 @@ public class RadarrCommand : ServiceCommand
         }
         catch (FlurlHttpException e)
         {
-            _log.Error(e, "HTTP error while communicating with Radarr");
+            _log.Error("HTTP error while communicating with Radarr: {Msg}", e.SanitizedExceptionMessage());
             ExitDueToFailure();
         }
     }
diff --git a/src/TrashLib/Extensions/FlurlExtensions.cs b/src/TrashLib/Extensions/FlurlExtensions.cs
index a9095b3e..33b19b86 100644
--- a/src/TrashLib/Extensions/FlurlExtensions.cs
+++ b/src/TrashLib/Extensions/FlurlExtensions.cs
@@ -1,3 +1,4 @@
+using System.Text.RegularExpressions;
 using Flurl;
 using Flurl.Http;
 using Serilog;
@@ -6,20 +7,22 @@ namespace TrashLib.Extensions;
 
 public static class FlurlExtensions
 {
-    public static IFlurlRequest SanitizedLogging(this Uri url, ILogger log)
-        => new FlurlRequest(url).SanitizedLogging(log);
-
     public static IFlurlRequest SanitizedLogging(this Url url, ILogger log)
         => new FlurlRequest(url).SanitizedLogging(log);
 
-    public static IFlurlRequest SanitizedLogging(this string url, ILogger log)
-        => new FlurlRequest(url).SanitizedLogging(log);
-
     public static IFlurlRequest SanitizedLogging(this IFlurlRequest request, ILogger log)
     {
         return request.ConfigureRequest(settings => FlurlLogging.SetupLogging(settings, log, SanitizeUrl));
     }
 
+    public static string SanitizedExceptionMessage(this FlurlHttpException exception)
+    {
+        const string expression =
+            @"https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}(\:[0-9]+)?\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)";
+
+        return Regex.Replace(exception.ToString(), expression, match => SanitizeUrl(match.Value).ToString());
+    }
+
     private static Url SanitizeUrl(Url url)
     {
         // Replace hostname and API key for user privacy