Mask passwds in downloads.py output #6834
Conversation
| @@ -839,13 +840,13 @@ def written_chunks(chunks): | |||
| progress_indicator = DownloadProgressProvider(progress_bar, | |||
| max=total_length) | |||
| if total_length: | |||
| logger.info("Downloading %s (%s)", url, format_size(total_length)) | |||
| logger.info("Downloading %s (%s)", redact_password_from_url(url), format_size(total_length)) | |||
There was a problem hiding this comment.
It would be good to call this once above if show_progress IMO:
redacted_url = redact_password_from_url(url)It will make the code a bit less cluttered.
There was a problem hiding this comment.
You should also add a bugfix news entry. The bug number can be the number of this PR. @xavfernandez's message below has an appropriate issue number.
|
That'd be a file |
|
I'll make the amendments, thanks for the feedback! |
|
This solves #6783 (so this could be |
|
Hi @YoloSecurity! Were you planning to get back to this? |
|
Sorry, yes! I some how found myself moving house so this fell to the bottom
of my list of "things I gotta do" - I still intend to fix it. Sorry for the
delay, I should get to it shortly!
…On Wed, 18 Sep 2019, 03:39 Christopher Hunt, ***@***.***> wrote:
Hi @YoloSecurity <https://github.com/YoloSecurity>! Were you planning to
get back to this?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#6834?email_source=notifications&email_token=AHEZZPJWYN25MWKHRVMHKMDQKGIF7A5CNFSM4IJF4FY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD66TH4A#issuecomment-532493296>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHEZZPPRY4WAMERQ23F634TQKGIF7ANCNFSM4IJF4FYQ>
.
|
|
No problem! And no stress, if you find yourself still busy just say the word and one of us can pick this up. 👍 Thanks for your work on this so far. |
chrahunt
removed
the
S: awaiting response
|
Hello! I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the |
|
Just to keep this alive - I will be updating this PR this weekend. Thank
you for the patience :)
…On Sat, Sep 21, 2019 at 6:45 AM BrownTruck ***@***.***> wrote:
Hello!
I am an automated bot and I have noticed that this pull request is not
currently able to be merged. If you are able to either merge the master
branch into this pull request or rebase this pull request against master
then it will be eligible for code review and hopefully merging!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#6834?email_source=notifications&email_token=AHEZZPMQ6LSTSD26CMB5IGTQKWYHBA5CNFSM4IJF4FY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7ILBWA#issuecomment-533770456>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHEZZPJKBK73CPF63G7QCY3QKWYHBANCNFSM4IJF4FYQ>
.
--
MfG
-- Liam Stevenson --
|
|
@YoloSecurity any update ? |
|
If no one's looking into this right now, I'll gladly pick it up and see what I can do. |
|
This was taken care of in #7373. Thanks @YoloSecurity for the initial implementation and everyone else for the helpful comments! |
lock
bot
added
the
auto-locked
I found that the URL variable in download.py was just just being printed to stout so I took the function redact_password_from_url used else where (such as collector.py), imported it and used it to mask the passwords:
python pip install https://test:[email protected]/test Collecting https://test:****@github.com/test Downloading https://test:****@github.com/test