Skip to content

G
go
Commit 2c67cdf7 authored by Thanabodee Charoenpiriyakij's avatar Thanabodee Charoenpiriyakij Committed by Brad Fitzpatrick
Browse files
Options

net/http: strip escaped password from error 

Using password that returns from User.Password() won't work in this case
because password in Userinfo already unescaped. The solution is uses
User.String() to escape password back again and then stringify it to error.

Fixes #31808

Change-Id: I723aafd5a57a5b69f2dd7d3a21b82ebbd4174451
Reviewed-on: https://go-review.googlesource.com/c/go/+/175018Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent f5c43b91
Show whitespace changes
Inline Side-by-side
Showing with 7 additions and 3 deletions
src/net/http/client.go
View file @ 2c67cdf7
......@@ -926,10 +926,9 @@ func isDomainOrSubdomain(sub, parent string) bool {
}
func stripPassword(u *url.URL) string {
pass, passSet := u.User.Password()
_, passSet := u.User.Password()
if passSet {
return strings.Replace(u.String(), pass+"@", "***@", 1)
return strings.Replace(u.String(), u.User.String()+"@", u.User.Username()+":***@", 1)
}
return u.String()
}
src/net/http/client_test.go
View file @ 2c67cdf7
......@@ -1184,6 +1184,11 @@ func TestStripPasswordFromError(t *testing.T) {
in: "http://user:password@dummy.faketld/password",
out: "Get http://user:***@dummy.faketld/password: dummy impl",
},
{
desc: "Strip escaped password",
in: "http://user:pa%2Fssword@dummy.faketld/",
out: "Get http://user:***@dummy.faketld/: dummy impl",
},
}
for _, tC := range testCases {
t.Run(tC.desc, func(t *testing.T) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7