diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..511ca2675 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +cmd/go-getter/go-getter diff --git a/url.go b/url.go index 1eaa4ce9f..98b73da4b 100644 --- a/url.go +++ b/url.go @@ -13,7 +13,12 @@ func RedactURL(u *url.URL) string { ru := *u if _, has := ru.User.Password(); has { - ru.User = url.UserPassword(ru.User.Username(), "xxxxx") + ru.User = url.UserPassword(ru.User.Username(), "redacted") + } + q := ru.Query() + if q.Get("sshkey") != "" { + q.Set("sshkey", "redacted") + ru.RawQuery = q.Encode() } return ru.String() } diff --git a/url_test.go b/url_test.go index 3f87b0d7c..720359e5c 100644 --- a/url_test.go +++ b/url_test.go @@ -19,7 +19,7 @@ func TestRedactURL(t *testing.T) { Path: "this:that", User: url.UserPassword("user", "password"), }, - want: "http://user:xxxxx@host.tld/this:that", + want: "http://user:redacted@host.tld/this:that", }, { name: "blank Password", @@ -39,7 +39,7 @@ func TestRedactURL(t *testing.T) { Path: "this:that", User: url.UserPassword("", "password"), }, - want: "http://:xxxxx@host.tld/this:that", + want: "http://:redacted@host.tld/this:that", }, { name: "blank Username, blank Password", @@ -60,6 +60,28 @@ func TestRedactURL(t *testing.T) { url: nil, want: "", }, + { + name: "non-blank SSH key in URL query parameter", + url: &url.URL{ + Scheme: "ssh", + User: url.User("git"), + Host: "github.com", + Path: "hashicorp/go-getter-test-private.git", + RawQuery: "sshkey=LS0tLS1CRUdJTiBPUE", + }, + want: "ssh://git@github.com/hashicorp/go-getter-test-private.git?sshkey=redacted", + }, + { + name: "blank SSH key in URL query parameter", + url: &url.URL{ + Scheme: "ssh", + User: url.User("git"), + Host: "github.com", + Path: "hashicorp/go-getter-test-private.git", + RawQuery: "sshkey=", + }, + want: "ssh://git@github.com/hashicorp/go-getter-test-private.git?sshkey=", + }, } for _, tt := range cases {