net/http: strip password from error message

Strip password from URL when stringifying it to error.

Fixes #24572

Change-Id: I1751ea9ccf87e7dff50c4c2a2010bf3f865702f8
Reviewed-on: https://go-review.googlesource.com/102855
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Gregory Man 2018-03-28 11:44:10 +03:00 committed by Brad Fitzpatrick
parent 625f2dccd4
commit a30d24fad9
2 changed files with 45 additions and 2 deletions


@ -515,9 +515,9 @@ func (c *Client) Do(req *Request) (*Response, error) {
method := valueOrDefault(reqs[0].Method, "GET")
var urlStr string
if resp != nil && resp.Request != nil {
urlStr = resp.Request.URL.String()
urlStr = stripPassword(resp.Request.URL)
} else {
urlStr = req.URL.String()
urlStr = stripPassword(req.URL)
}
return &url.Error{
Op: method[:1] + strings.ToLower(method[1:]),
@ -880,3 +880,12 @@ func isDomainOrSubdomain(sub, parent string) bool {
}
return sub[len(sub)-len(parent)-1] == '.'
}
func stripPassword(u *url.URL) string {
pass, passSet := u.User.Password()
if passSet {
return strings.Replace(u.String(), pass+"@", "***@", 1)
}
return u.String()
}
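Review bot: stripPassword can still leak the password when it contains characters that URL.String() percent-encodes, because the search string `pass+"@"` is built from the decoded value returned by u.User.Password() while u.String() emits the escaped form. In that case strings.Replace matches nothing and the full URL, credentials included, reaches the url.Error built in Client.Do. Matching on the encoded userinfo avoids the mismatch: `return strings.Replace(u.String(), u.User.String()+"@", u.User.Username()+":***@", 1)`. A test case with a constructed password such as `p@ss/word` would pin this, and the function would benefit from a doc comment such as `// stripPassword returns u as a string with any password replaced by "***", for use in error messages.`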