net/url: add URL.Redacted() to return a password scrubbed string

Returning an URL.String() without the password is very useful for situations where the URL is supposed to be logged and the password is not useful to be shown. This method re-uses URL.String() but with the password scrubbed and substituted for a "xxxxx" in order to make it obvious that there was a password. If the URL had no password then no "xxxxx" will be shown. Fixes #34855
2019-11-13 21:26:30 -04:00 · 2019-11-13 21:26:30 -04:00 · 46d06dbc4f
parent 718f553915
commit 46d06dbc4f
2 changed files with 81 additions and 0 deletions
--- a/src/net/url/url.go
+++ b/src/net/url/url.go
@ -821,6 +821,20 @@ func (u *URL) String() string {
 	return buf.String()
 }

+// Redacted is like String but replaces any password with "xxxxx".
+// Only the password in u.URL is redacted.
+func (u *URL) Redacted() string {
+	if u == nil {
+		return ""
+	}
+
+	ru := *u
+	if _, has := ru.User.Password(); has {
+		ru.User = UserPassword(ru.User.Username(), "xxxxx")
+	}
+	return ru.String()
+}
+
 // Values maps a string key to a list of values.
 // It is typically used for query parameters and form values.
 // Unlike in the http.Header map, the keys in a Values map
--- a/src/net/url/url_test.go
+++ b/src/net/url/url_test.go
@ -765,6 +765,73 @@ func TestURLString(t *testing.T) {
 	}
 }

+func TestURLRedacted(t *testing.T) {
+	cases := []struct {
+		name string
+		url  *URL
+		want string
+	}{
+		{
+			name: "non-blank Password",
+			url: &URL{
+				Scheme: "http",
+				Host:   "host.tld",
+				Path:   "this:that",
+				User:   UserPassword("user", "password"),
+			},
+			want: "http://user:xxxxx@host.tld/this:that",
+		},
+		{
+			name: "blank Password",
+			url: &URL{
+				Scheme: "http",
+				Host:   "host.tld",
+				Path:   "this:that",
+				User:   User("user"),
+			},
+			want: "http://user@host.tld/this:that",
+		},
+		{
+			name: "nil User",
+			url: &URL{
+				Scheme: "http",
+				Host:   "host.tld",
+				Path:   "this:that",
+				User:   UserPassword("", "password"),
+			},
+			want: "http://:xxxxx@host.tld/this:that",
+		},
+		{
+			name: "blank Username, blank Password",
+			url: &URL{
+				Scheme: "http",
+				Host:   "host.tld",
+				Path:   "this:that",
+			},
+			want: "http://host.tld/this:that",
+		},
+		{
+			name: "empty URL",
+			url:  &URL{},
+			want: "",
+		},
+		{
+			name: "nil URL",
+			url:  nil,
+			want: "",
+		},
+	}
+
+	for _, tt := range cases {
+		t := t
+		t.Run(tt.name, func(t *testing.T) {
+			if g, w := tt.url.Redacted(), tt.want; g != w {
+				t.Fatalf("got: %q\nwant: %q", g, w)
+			}
+		})
+	}
+}
+
 type EscapeTest struct {
 	in  string
 	out string