Using password that returns from User.Password() won't work in this case
because password in Userinfo already unescaped. The solution is uses
User.String() to escape password back again and then stringify it to error.
Fixes #31808
Change-Id: I723aafd5a57a5b69f2dd7d3a21b82ebbd4174451
Reviewed-on: https://go-review.googlesource.com/c/go/+/175018
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
}
func stripPassword(u *url.URL) string {
- pass, passSet := u.User.Password()
+ _, passSet := u.User.Password()
if passSet {
- return strings.Replace(u.String(), pass+"@", "***@", 1)
+ return strings.Replace(u.String(), u.User.String()+"@", u.User.Username()+":***@", 1)
}
-
return u.String()
}
in: "http://user:password@dummy.faketld/password",
out: "Get http://user:***@dummy.faketld/password: dummy impl",
},
+ {
+ desc: "Strip escaped password",
+ in: "http://user:pa%2Fssword@dummy.faketld/",
+ out: "Get http://user:***@dummy.faketld/: dummy impl",
+ },
}
for _, tC := range testCases {
t.Run(tC.desc, func(t *testing.T) {