Commit 2c67cdf7 authored by Thanabodee Charoenpiriyakij's avatar Thanabodee Charoenpiriyakij Committed by Brad Fitzpatrick

net/http: strip escaped password from error

Using password that returns from User.Password() won't work in this case
because password in Userinfo already unescaped. The solution is uses
User.String() to escape password back again and then stringify it to error.

Fixes #31808

Change-Id: I723aafd5a57a5b69f2dd7d3a21b82ebbd4174451
Reviewed-on: https://go-review.googlesource.com/c/go/+/175018Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent f5c43b91
...@@ -926,10 +926,9 @@ func isDomainOrSubdomain(sub, parent string) bool { ...@@ -926,10 +926,9 @@ func isDomainOrSubdomain(sub, parent string) bool {
} }
func stripPassword(u *url.URL) string { func stripPassword(u *url.URL) string {
pass, passSet := u.User.Password() _, passSet := u.User.Password()
if passSet { if passSet {
return strings.Replace(u.String(), pass+"@", "***@", 1) return strings.Replace(u.String(), u.User.String()+"@", u.User.Username()+":***@", 1)
} }
return u.String() return u.String()
} }
...@@ -1184,6 +1184,11 @@ func TestStripPasswordFromError(t *testing.T) { ...@@ -1184,6 +1184,11 @@ func TestStripPasswordFromError(t *testing.T) {
in: "http://user:password@dummy.faketld/password", in: "http://user:password@dummy.faketld/password",
out: "Get http://user:***@dummy.faketld/password: dummy impl", out: "Get http://user:***@dummy.faketld/password: dummy impl",
}, },
{
desc: "Strip escaped password",
in: "http://user:pa%2Fssword@dummy.faketld/",
out: "Get http://user:***@dummy.faketld/: dummy impl",
},
} }
for _, tC := range testCases { for _, tC := range testCases {
t.Run(tC.desc, func(t *testing.T) { t.Run(tC.desc, func(t *testing.T) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment