author | Daniel Niknam <mhmd.niknam@gmail.com> | 2021-08-22 01:37:32 +1000 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-08-31 19:06:14 +0900 |
commit | 19e1d3cdce96b9e58a0947b6fcbabd6da06cbd11 (patch) | |
tree | 9d3857faf91a4631427b017ea54171d3542f52e6 /test/rubygems/test_gem_request.rb | |
parent | 31c2e6c08eccf77ec24126b9c77a910a4e543293 (diff) | |
[rubygems/rubygems] Using `Gem::PrintableUri` in `Gem::Request` class
The `@uri` variable could be a source URI with a credential. Use `Gem::PrintableUri` to make sure sensitive information is redacted from it when logging in verbose mode.
https://github.com/rubygems/rubygems/commit/f566787211
Diffstat (limited to 'test/rubygems/test_gem_request.rb')
-rw-r--r-- | test/rubygems/test_gem_request.rb | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/test/rubygems/test_gem_request.rb b/test/rubygems/test_gem_request.rb
index 780150d639..0c370c8a04 100644
--- a/test/rubygems/test_gem_request.rb
+++ b/test/rubygems/test_gem_request.rb
@@ -197,27 +197,53 @@ class TestGemRequest < Gem::TestCase end def test_fetch_basic_auth + Gem.configuration.verbose = :really uri = URI.parse "https://user:pass@example.rubygems/specs.#{Gem.marshal_version}" conn = util_stub_net_http(:body => :junk, :code => 200) do |c| - @request = make_request(uri, Net::HTTP::Get, nil, nil) - @request.fetch + use_ui @ui do + @request = make_request(uri, Net::HTTP::Get, nil, nil) + @request.fetch + end c end auth_header = conn.payload['Authorization'] assert_equal "Basic #{Base64.encode64('user:pass')}".strip, auth_header + assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}" end def test_fetch_basic_auth_encoded + Gem.configuration.verbose = :really uri = URI.parse "https://user:%7BDEScede%7Dpass@example.rubygems/specs.#{Gem.marshal_version}" + conn = util_stub_net_http(:body => :junk, :code => 200) do |c| - @request = make_request(uri, Net::HTTP::Get, nil, nil) - @request.fetch + use_ui @ui do + @request = make_request(uri, Net::HTTP::Get, nil, nil) + @request.fetch + end c end auth_header = conn.payload['Authorization'] assert_equal "Basic #{Base64.encode64('user:{DEScede}pass')}".strip, auth_header + assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}" + end + + def test_fetch_basic_oauth_encoded + Gem.configuration.verbose = :really + uri = URI.parse "https://%7BDEScede%7Dpass:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}" + + conn = util_stub_net_http(:body => :junk, :code => 200) do |c| + use_ui @ui do + @request = make_request(uri, Net::HTTP::Get, nil, nil) + @request.fetch + end + c + end + + auth_header = conn.payload['Authorization'] + assert_equal "Basic #{Base64.encode64('{DEScede}pass:x-oauth-basic')}".strip, auth_header + assert_includes @ui.output, "GET https://REDACTED:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}" end def test_fetch_head |
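Review bot: The three added `assert_includes` checks prove that the redacted URI is logged, but nothing asserts that the credential itself is absent from the captured output, so a regression that also prints the raw URI on another verbose line would still pass. Each test should pair the positive check with a negative one, e.g. `refute_includes @ui.output, "user:pass@"` in test_fetch_basic_auth and `refute_includes @ui.output, "DEScede"` in the two encoded tests, which covers both the percent-encoded and the decoded form of the secret. It may be worth applying the same check to `@ui.error`, in case a failure path logs the URI separately. Separately, `Gem.configuration.verbose = :really` is set in each test without being restored; if the base class setup (not visible in this hunk) does not reset it, the setting leaks into later tests.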