Skip to content

Commit

Permalink
Do not marshal secrets in URL's
Browse files Browse the repository at this point in the history
Signed-off-by: Julien Pivotto <[email protected]>
  • Loading branch information
roidelapluie committed Sep 28, 2021
1 parent 8d1c9f8 commit b6d7542
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 1 deletion.
16 changes: 15 additions & 1 deletion config/http_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,11 +110,25 @@ func (u *URL) UnmarshalYAML(unmarshal func(interface{}) error) error {
// MarshalYAML implements the yaml.Marshaler interface for URLs.
func (u URL) MarshalYAML() (interface{}, error) {
if u.URL != nil {
return u.String(), nil
return u.Redacted(), nil
}
return nil, nil
}

// Redacted returns the URL but replaces any password with "xxxxx".
func (u URL) Redacted() string {
if u.URL == nil {
return ""
}

ru := *u.URL
if _, ok := ru.User.Password(); ok {
// We can not use secretToken because it would be escaped.
ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
}
return ru.String()
}

// UnmarshalJSON implements the json.Marshaler interface for URL.
func (u *URL) UnmarshalJSON(data []byte) error {
var s string
Expand Down
16 changes: 16 additions & 0 deletions config/http_config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1418,3 +1418,19 @@ func TestUnmarshalURL(t *testing.T) {
t.Fatalf("URL not properly unmarshaled in YAML, got '%s'", u.String())
}
}

func TestMarshalURLWithSecret(t *testing.T) {
var u URL
err := yaml.Unmarshal([]byte("http://foo:[email protected]"), &u)
if err != nil {
t.Fatal(err)
}

b, err := yaml.Marshal(u)
if err != nil {
t.Fatal(err)
}
if strings.TrimSpace(string(b)) != "http://foo:[email protected]" {
t.Fatalf("URL not properly marshaled in YAML, got '%s'", string(b))
}
}

0 comments on commit b6d7542

Please sign in to comment.