Harden URL redaction in inventory/review failure output (Issue #171)
This commit is contained in:
+4
-2
@@ -761,7 +761,7 @@ _SECRET_PREFIXES = ("token ", "Basic ")
|
||||
|
||||
|
||||
def _redact(text: str) -> str:
|
||||
"""Strip anything that looks like an Authorization credential from *text*.
|
||||
"""Strip anything that looks like an Authorization credential or raw URL from *text*.
|
||||
|
||||
Errors raised by ``api_request`` echo the server response body, not the
|
||||
request headers, so a token should never appear — this is defence in depth
|
||||
@@ -782,7 +782,9 @@ def _redact(text: str) -> str:
|
||||
j += 1
|
||||
out = out[:i] + prefix + "[REDACTED]" + out[j:]
|
||||
idx = i + len(prefix) + len("[REDACTED]")
|
||||
return out
|
||||
# Redact raw URLs, query secrets, hostnames, etc.
|
||||
import gitea_audit
|
||||
return gitea_audit.redact_urls(out)
|
||||
|
||||
|
||||
# Review states that carry a submitted verdict. Gitea also emits PENDING
|
||||
|
||||
Reference in New Issue
Block a user