Merge pull request #348 from macedogm/sshkey-redact

schmichael · web-flow · commit f5cbbb458c14 · 2022-01-03T14:00:37.000-08:00
Redact SSH key from URL query parameter
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+cmd/go-getter/go-getter
diff --git a/url.go b/url.go
@@ -3,17 +3,23 @@ package getter
 import "net/url"
 
 // RedactURL is a port of url.Redacted from the standard library,
-// which is like url.String but replaces any password with "xxxxx".
+// which is like url.String but replaces any password with "redacted".
 // Only the password in u.URL is redacted. This allows the library
 // to maintain compatibility with go1.14.
+// This port was also extended to redact SSH key from URL query parameter.
 func RedactURL(u *url.URL) string {
 	if u == nil {
 		return ""
 	}
 
 	ru := *u
 	if _, has := ru.User.Password(); has {
-		ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
+		ru.User = url.UserPassword(ru.User.Username(), "redacted")
+	}
+	q := ru.Query()
+	if q.Get("sshkey") != "" {
+		q.Set("sshkey", "redacted")
+		ru.RawQuery = q.Encode()
 	}
 	return ru.String()
 }
diff --git a/url_test.go b/url_test.go
@@ -19,7 +19,7 @@ func TestRedactURL(t *testing.T) {
 				Path:   "this:that",
 				User:   url.UserPassword("user", "password"),
 			},
-			want: "http://user:xxxxx@host.tld/this:that",
+			want: "http://user:redacted@host.tld/this:that",
 		},
 		{
 			name: "blank Password",
@@ -39,7 +39,7 @@ func TestRedactURL(t *testing.T) {
 				Path:   "this:that",
 				User:   url.UserPassword("", "password"),
 			},
-			want: "http://:xxxxx@host.tld/this:that",
+			want: "http://:redacted@host.tld/this:that",
 		},
 		{
 			name: "blank Username, blank Password",
@@ -60,6 +60,28 @@ func TestRedactURL(t *testing.T) {
 			url:  nil,
 			want: "",
 		},
+		{
+			name: "non-blank SSH key in URL query parameter",
+			url: &url.URL{
+				Scheme:   "ssh",
+				User:     url.User("git"),
+				Host:     "github.com",
+				Path:     "hashicorp/go-getter-test-private.git",
+				RawQuery: "sshkey=LS0tLS1CRUdJTiBPUE",
+			},
+			want: "ssh://git@github.com/hashicorp/go-getter-test-private.git?sshkey=redacted",
+		},
+		{
+			name: "blank SSH key in URL query parameter",
+			url: &url.URL{
+				Scheme:   "ssh",
+				User:     url.User("git"),
+				Host:     "github.com",
+				Path:     "hashicorp/go-getter-test-private.git",
+				RawQuery: "sshkey=",
+			},
+			want: "ssh://git@github.com/hashicorp/go-getter-test-private.git?sshkey=",
+		},
 	}
 
 	for _, tt := range cases {
