mirror of
https://github.com/golang/go
synced 2024-11-18 15:04:44 -07:00
net/http: strip password from error message
Strip password from URL then stringifying it to error. Fixes #24572 Change-Id: I1751ea9ccf87e7dff50c4c2a2010bf3f865702f8 Reviewed-on: https://go-review.googlesource.com/102855 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
This commit is contained in:
parent
625f2dccd4
commit
a30d24fad9
@ -515,9 +515,9 @@ func (c *Client) Do(req *Request) (*Response, error) {
|
|||||||
method := valueOrDefault(reqs[0].Method, "GET")
|
method := valueOrDefault(reqs[0].Method, "GET")
|
||||||
var urlStr string
|
var urlStr string
|
||||||
if resp != nil && resp.Request != nil {
|
if resp != nil && resp.Request != nil {
|
||||||
urlStr = resp.Request.URL.String()
|
urlStr = stripPassword(resp.Request.URL)
|
||||||
} else {
|
} else {
|
||||||
urlStr = req.URL.String()
|
urlStr = stripPassword(req.URL)
|
||||||
}
|
}
|
||||||
return &url.Error{
|
return &url.Error{
|
||||||
Op: method[:1] + strings.ToLower(method[1:]),
|
Op: method[:1] + strings.ToLower(method[1:]),
|
||||||
@ -880,3 +880,12 @@ func isDomainOrSubdomain(sub, parent string) bool {
|
|||||||
}
|
}
|
||||||
return sub[len(sub)-len(parent)-1] == '.'
|
return sub[len(sub)-len(parent)-1] == '.'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func stripPassword(u *url.URL) string {
|
||||||
|
pass, passSet := u.User.Password()
|
||||||
|
if passSet {
|
||||||
|
return strings.Replace(u.String(), pass+"@", "***@", 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return u.String()
|
||||||
|
}
|
||||||
|
@ -1162,6 +1162,40 @@ func TestBasicAuthHeadersPreserved(t *testing.T) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestStripPasswordFromError(t *testing.T) {
|
||||||
|
client := &Client{Transport: &recordingTransport{}}
|
||||||
|
testCases := []struct {
|
||||||
|
desc string
|
||||||
|
in string
|
||||||
|
out string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
desc: "Strip password from error message",
|
||||||
|
in: "http://user:password@dummy.faketld/",
|
||||||
|
out: "Get http://user:***@dummy.faketld/: dummy impl",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Don't Strip password from domain name",
|
||||||
|
in: "http://user:password@password.faketld/",
|
||||||
|
out: "Get http://user:***@password.faketld/: dummy impl",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "Don't Strip password from path",
|
||||||
|
in: "http://user:password@dummy.faketld/password",
|
||||||
|
out: "Get http://user:***@dummy.faketld/password: dummy impl",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, tC := range testCases {
|
||||||
|
t.Run(tC.desc, func(t *testing.T) {
|
||||||
|
_, err := client.Get(tC.in)
|
||||||
|
if err.Error() != tC.out {
|
||||||
|
t.Errorf("Unexpected output for %q: expected %q, actual %q",
|
||||||
|
tC.in, tC.out, err.Error())
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestClientTimeout_h1(t *testing.T) { testClientTimeout(t, h1Mode) }
|
func TestClientTimeout_h1(t *testing.T) { testClientTimeout(t, h1Mode) }
|
||||||
func TestClientTimeout_h2(t *testing.T) { testClientTimeout(t, h2Mode) }
|
func TestClientTimeout_h2(t *testing.T) { testClientTimeout(t, h2Mode) }
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user