From 27d9dcf13843e0eeae7ffca25951da0f6142c78c Mon Sep 17 00:00:00 2001 From: Andreas Lutro Date: Thu, 9 May 2019 15:19:55 +0200 Subject: [PATCH 1/6] redact --find-links urls --- src/pip/_internal/index.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/pip/_internal/index.py b/src/pip/_internal/index.py index b524c060529..8ee5c317efe 100644 --- a/src/pip/_internal/index.py +++ b/src/pip/_internal/index.py @@ -663,7 +663,8 @@ def get_formatted_locations(self): ) if self.find_links: lines.append( - "Looking in links: {}".format(", ".join(self.find_links)) + "Looking in links: {}".format(", ".join( + redact_password_from_url(url) for url in self.find_links)) ) return "\n".join(lines) From 9cc64b68753865236f703770720efc7ee130e91f Mon Sep 17 00:00:00 2001 From: Andreas Lutro Date: Tue, 14 May 2019 09:07:07 +0200 Subject: [PATCH 2/6] add news file --- news/6489.trivial | 1 + 1 file changed, 1 insertion(+) create mode 100644 news/6489.trivial diff --git a/news/6489.trivial b/news/6489.trivial new file mode 100644 index 00000000000..a5eb4f9c1ee --- /dev/null +++ b/news/6489.trivial @@ -0,0 +1 @@ +Hide passwords in output when using ``--find-links``. From 27e97c5cb3c8d48bdaa0592ea18c029bd20d9c70 Mon Sep 17 00:00:00 2001 From: Andreas Lutro Date: Tue, 14 May 2019 09:07:11 +0200 Subject: [PATCH 3/6] add test --- tests/unit/test_index.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index ac1e45073d3..d370d889c11 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -185,12 +185,14 @@ def test_get_formatted_locations_basic_auth(): 'https://pypi.org/simple', 'https://user:pass@repo.domain.com', ] - finder = PackageFinder.create([], index_urls, session=[]) + find_links = [ + 'https://user:pass@page.domain.com' + ] + finder = PackageFinder(find_links, index_urls, session=[]) result = finder.get_formatted_locations() - assert 'user' in result - assert '****' in result - assert 'pass' not in result + assert 'user:****@repo.domain.com' in result + assert 'user:****@page.domain.com' in result @pytest.mark.parametrize( From 3202362033b9eb5b0b01a15884bda58516a8424c Mon Sep 17 00:00:00 2001 From: Andreas Lutro Date: Mon, 20 May 2019 12:24:55 +0200 Subject: [PATCH 4/6] move news --- news/{6489.trivial => 6489.bugfix} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename news/{6489.trivial => 6489.bugfix} (100%) diff --git a/news/6489.trivial b/news/6489.bugfix similarity index 100% rename from news/6489.trivial rename to news/6489.bugfix From 3e7fa09141ac0ae5f10444e13f08841d0cda5114 Mon Sep 17 00:00:00 2001 From: Andreas Lutro Date: Mon, 20 May 2019 12:27:32 +0200 Subject: [PATCH 5/6] re-add assertions to make sure password is not in output --- tests/unit/test_index.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index d370d889c11..15aa549685c 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -183,16 +183,18 @@ def test_get_formatted_locations_basic_auth(): """ index_urls = [ 'https://pypi.org/simple', - 'https://user:pass@repo.domain.com', + 'https://repo-user:repo-pass@repo.domain.com', ] find_links = [ - 'https://user:pass@page.domain.com' + 'https://links-user:links-pass@page.domain.com' ] finder = PackageFinder(find_links, index_urls, session=[]) result = finder.get_formatted_locations() - assert 'user:****@repo.domain.com' in result - assert 'user:****@page.domain.com' in result + assert 'repo-user:****@repo.domain.com' in result + assert 'repo-pass' not in result + assert 'links-user:****@page.domain.com' in result + assert 'links-pass' not in result @pytest.mark.parametrize( From 8bd61659319b0c0e13bd2ee79967a25a10dee684 Mon Sep 17 00:00:00 2001 From: Andreas Lutro Date: Mon, 20 May 2019 12:31:29 +0200 Subject: [PATCH 6/6] update PackageFinder creation --- tests/unit/test_index.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py index 15aa549685c..d75bb6c2a5b 100644 --- a/tests/unit/test_index.py +++ b/tests/unit/test_index.py @@ -188,7 +188,7 @@ def test_get_formatted_locations_basic_auth(): find_links = [ 'https://links-user:links-pass@page.domain.com' ] - finder = PackageFinder(find_links, index_urls, session=[]) + finder = PackageFinder.create(find_links, index_urls, session=[]) result = finder.get_formatted_locations() assert 'repo-user:****@repo.domain.com' in result