[rubygems/rubygems] Using Gem::PrintableUri
in Gem::Request
class
The `@uri` variable could be a source URI with a credential. Use `Gem::PrintableUri` to make sure sensitive information is redacted from it when logging in verbose mode. https://github.com/rubygems/rubygems/commit/f566787211
parent
31c2e6c08e
commit
19e1d3cdce
Notes:
git
2021-08-31 19:06:58 +09:00
@ -184,6 +184,7 @@ class Gem::Request
|
|||||||
|
|
||||||
def perform_request(request) # :nodoc:
|
def perform_request(request) # :nodoc:
|
||||||
connection = connection_for @uri
|
connection = connection_for @uri
|
||||||
|
uri = Gem::PrintableUri.parse_uri(@uri)
|
||||||
|
|
||||||
retried = false
|
retried = false
|
||||||
bad_response = false
|
bad_response = false
|
||||||
@ -191,7 +192,7 @@ class Gem::Request
|
|||||||
begin
|
begin
|
||||||
@requests[connection.object_id] += 1
|
@requests[connection.object_id] += 1
|
||||||
|
|
||||||
verbose "#{request.method} #{@uri}"
|
verbose "#{request.method} #{uri}"
|
||||||
|
|
||||||
file_name = File.basename(@uri.path)
|
file_name = File.basename(@uri.path)
|
||||||
# perform download progress reporter only for gems
|
# perform download progress reporter only for gems
|
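Review bot: Inside perform_request the new local `uri` is display-only, while `@uri` is still what `connection_for` and `File.basename(@uri.path)` use. The two names differ by a single character, so a later edit can easily log the raw one again or pass the redacted one to the connection. Naming the local for its purpose makes the split obvious: `printable_uri = Gem::PrintableUri.parse_uri(@uri)` and `verbose "#{request.method} #{printable_uri}"`. The body of perform_request continues outside both hunks, so it is worth confirming that no other message there (retry or error paths) still interpolates `@uri`.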
||||||
|
@ -197,27 +197,53 @@ class TestGemRequest < Gem::TestCase
|
|||||||
end
|
end
|
||||||
|
|
||||||
def test_fetch_basic_auth
|
def test_fetch_basic_auth
|
||||||
|
Gem.configuration.verbose = :really
|
||||||
uri = URI.parse "https://user:pass@example.rubygems/specs.#{Gem.marshal_version}"
|
uri = URI.parse "https://user:pass@example.rubygems/specs.#{Gem.marshal_version}"
|
||||||
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
||||||
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
use_ui @ui do
|
||||||
@request.fetch
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
||||||
|
@request.fetch
|
||||||
|
end
|
||||||
c
|
c
|
||||||
end
|
end
|
||||||
|
|
||||||
auth_header = conn.payload['Authorization']
|
auth_header = conn.payload['Authorization']
|
||||||
assert_equal "Basic #{Base64.encode64('user:pass')}".strip, auth_header
|
assert_equal "Basic #{Base64.encode64('user:pass')}".strip, auth_header
|
||||||
|
assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}"
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_fetch_basic_auth_encoded
|
def test_fetch_basic_auth_encoded
|
||||||
|
Gem.configuration.verbose = :really
|
||||||
uri = URI.parse "https://user:%7BDEScede%7Dpass@example.rubygems/specs.#{Gem.marshal_version}"
|
uri = URI.parse "https://user:%7BDEScede%7Dpass@example.rubygems/specs.#{Gem.marshal_version}"
|
||||||
|
|
||||||
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
||||||
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
use_ui @ui do
|
||||||
@request.fetch
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
||||||
|
@request.fetch
|
||||||
|
end
|
||||||
c
|
c
|
||||||
end
|
end
|
||||||
|
|
||||||
auth_header = conn.payload['Authorization']
|
auth_header = conn.payload['Authorization']
|
||||||
assert_equal "Basic #{Base64.encode64('user:{DEScede}pass')}".strip, auth_header
|
assert_equal "Basic #{Base64.encode64('user:{DEScede}pass')}".strip, auth_header
|
||||||
|
assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}"
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_fetch_basic_oauth_encoded
|
||||||
|
Gem.configuration.verbose = :really
|
||||||
|
uri = URI.parse "https://%7BDEScede%7Dpass:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}"
|
||||||
|
|
||||||
|
conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
|
||||||
|
use_ui @ui do
|
||||||
|
@request = make_request(uri, Net::HTTP::Get, nil, nil)
|
||||||
|
@request.fetch
|
||||||
|
end
|
||||||
|
c
|
||||||
|
end
|
||||||
|
|
||||||
|
auth_header = conn.payload['Authorization']
|
||||||
|
assert_equal "Basic #{Base64.encode64('{DEScede}pass:x-oauth-basic')}".strip, auth_header
|
||||||
|
assert_includes @ui.output, "GET https://REDACTED:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}"
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_fetch_head
|
def test_fetch_head
|
||||||
|
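Review bot: The three basic-auth tests only assert that the redacted line is present in `@ui.output`, so they would still pass if some other verbose line printed the credential. A negative assertion after each `assert_includes` pins the actual guarantee, for example `refute_includes @ui.output, "user:pass"` in test_fetch_basic_auth and `refute_match(/DEScede/, @ui.output)` in the two encoded variants. `Gem.configuration.verbose = :really` is also set without being restored in the visible lines; if the test case setup does not reset it, later tests inherit that verbosity level.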