Redacted URL in logs / errors

So that basic auth creds, if any, won't show up in logs
SUSE · Mar 15, 2022 · 28e8f81 · 28e8f81
1 parent ff6d014
commit 28e8f81
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 9 deletions.
diff --git a/client.go b/client.go
@@ -556,9 +556,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
 	if logger != nil {
 		switch v := logger.(type) {
 		case LeveledLogger:
-			v.Debug("performing request", "method", req.Method, "url", req.URL)
+			v.Debug("performing request", "method", req.Method, "url", req.URL.Redacted())
 		case Logger:
-			v.Printf("[DEBUG] %s %s", req.Method, req.URL)
+			v.Printf("[DEBUG] %s %s", req.Method, req.URL.Redacted())
 		}
 	}
 
@@ -604,9 +604,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
 		if doErr != nil {
 			switch v := logger.(type) {
 			case LeveledLogger:
-				v.Error("request failed", "error", doErr, "method", req.Method, "url", req.URL)
+				v.Error("request failed", "error", doErr, "method", req.Method, "url", req.URL.Redacted())
 			case Logger:
-				v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, doErr)
+				v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL.Redacted(), doErr)
 			}
 		} else {
 			// Call this here to maintain the behavior of logging all requests,
@@ -642,7 +642,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
 
 		wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp)
 		if logger != nil {
-			desc := fmt.Sprintf("%s %s", req.Method, req.URL)
+			desc := fmt.Sprintf("%s %s", req.Method, req.URL.Redacted())
 			if resp != nil {
 				desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode)
 			}
@@ -694,11 +694,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
 	// communicate why
 	if err == nil {
 		return nil, fmt.Errorf("%s %s giving up after %d attempt(s)",
-			req.Method, req.URL, attempt)
+			req.Method, req.URL.Redacted(), attempt)
 	}
 
 	return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w",
-		req.Method, req.URL, attempt, err)
+		req.Method, req.URL.Redacted(), attempt, err)
 }
 
 // Try to read the response body so we can reuse this connection.

diff --git a/client_test.go b/client_test.go
@@ -256,17 +256,32 @@ func TestClient_Do_fails(t *testing.T) {
 	}))
 	defer ts.Close()
 
+	serverUrlWithBasicAuth, err := url.Parse(ts.URL)
+	if err != nil {
+		t.Fatalf("failed parsing test server url: %s", ts.URL)
+	}
+	serverUrlWithBasicAuth.User = url.UserPassword("user", "pasten")
+
 	tests := []struct {
+		url  string
 		name string
 		cr   CheckRetry
 		err  string
 	}{
 		{
+			url:  ts.URL,
 			name: "default_retry_policy",
 			cr:   DefaultRetryPolicy,
 			err:  "giving up after 3 attempt(s)",
 		},
 		{
+			url:  serverUrlWithBasicAuth.String(),
+			name: "default_retry_policy_url_with_basic_auth",
+			cr:   DefaultRetryPolicy,
+			err:  serverUrlWithBasicAuth.Redacted() + " giving up after 3 attempt(s)",
+		},
+		{
+			url:  ts.URL,
 			name: "error_propagated_retry_policy",
 			cr:   ErrorPropagatedRetryPolicy,
 			err:  "giving up after 3 attempt(s): unexpected HTTP status 500 Internal Server Error",
@@ -283,15 +298,15 @@ func TestClient_Do_fails(t *testing.T) {
 			client.RetryMax = 2
 
 			// Create the request
-			req, err := NewRequest("POST", ts.URL, nil)
+			req, err := NewRequest("POST", tt.url, nil)
 			if err != nil {
 				t.Fatalf("err: %v", err)
 			}
 
 			// Send the request.
 			_, err = client.Do(req)
 			if err == nil || !strings.HasSuffix(err.Error(), tt.err) {
-				t.Fatalf("expected giving up error, got: %#v", err)
+				t.Fatalf("expected %#v, got: %#v", tt.err, err)
 			}
 		})
 	}