[rubygems/rubygems] Using `Gem::PrintableUri` in `Gem::Request` class

The `@uri` variable could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it when logging on verbose mode. https://github.com/rubygems/rubygems/commit/f566787211
author: Daniel Niknam <mhmd.niknam@gmail.com> 2021-08-22 01:37:32 +1000
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2021-08-31 19:06:14 +0900
commit: 19e1d3cdce96b9e58a0947b6fcbabd6da06cbd11 (patch)
tree: 9d3857faf91a4631427b017ea54171d3542f52e6 /test
parent: 31c2e6c08eccf77ec24126b9c77a910a4e543293 (diff)
1 files changed, 30 insertions, 4 deletions
diff --git a/test/rubygems/test_gem_request.rb b/test/rubygems/test_gem_request.rb
index 780150d639..0c370c8a04 100644
--- a/test/rubygems/test_gem_request.rb
+++ b/test/rubygems/test_gem_request.rb
@@ -197,27 +197,53 @@ class TestGemRequest < Gem::TestCase
   end
 
   def test_fetch_basic_auth
+    Gem.configuration.verbose = :really
     uri = URI.parse "https://user:pass@example.rubygems/specs.#{Gem.marshal_version}"
     conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
-      @request = make_request(uri, Net::HTTP::Get, nil, nil)
-      @request.fetch
+      use_ui @ui do
+        @request = make_request(uri, Net::HTTP::Get, nil, nil)
+        @request.fetch
+      end
       c
     end
 
     auth_header = conn.payload['Authorization']
     assert_equal "Basic #{Base64.encode64('user:pass')}".strip, auth_header
+    assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}"
   end
 
   def test_fetch_basic_auth_encoded
+    Gem.configuration.verbose = :really
     uri = URI.parse "https://user:%7BDEScede%7Dpass@example.rubygems/specs.#{Gem.marshal_version}"
+
     conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
-      @request = make_request(uri, Net::HTTP::Get, nil, nil)
-      @request.fetch
+      use_ui @ui do
+        @request = make_request(uri, Net::HTTP::Get, nil, nil)
+        @request.fetch
+      end
       c
     end
 
     auth_header = conn.payload['Authorization']
     assert_equal "Basic #{Base64.encode64('user:{DEScede}pass')}".strip, auth_header
+    assert_includes @ui.output, "GET https://user:REDACTED@example.rubygems/specs.#{Gem.marshal_version}"
+  end
+
+  def test_fetch_basic_oauth_encoded
+    Gem.configuration.verbose = :really
+    uri = URI.parse "https://%7BDEScede%7Dpass:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}"
+
+    conn = util_stub_net_http(:body => :junk, :code => 200) do |c|
+      use_ui @ui do
+        @request = make_request(uri, Net::HTTP::Get, nil, nil)
+        @request.fetch
+      end
+      c
+    end
+
+    auth_header = conn.payload['Authorization']
+    assert_equal "Basic #{Base64.encode64('{DEScede}pass:x-oauth-basic')}".strip, auth_header
+    assert_includes @ui.output, "GET https://REDACTED:x-oauth-basic@example.rubygems/specs.#{Gem.marshal_version}"
   end
 
   def test_fetch_head
author	Daniel Niknam <mhmd.niknam@gmail.com>	2021-08-22 01:37:32 +1000
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2021-08-31 19:06:14 +0900
commit	19e1d3cdce96b9e58a0947b6fcbabd6da06cbd11 (patch)
tree	9d3857faf91a4631427b017ea54171d3542f52e6 /test
parent	31c2e6c08eccf77ec24126b9c77a910a4e543293 (diff)