From 31c2e6c08eccf77ec24126b9c77a910a4e543293 Mon Sep 17 00:00:00 2001
From: Daniel Niknam <mhmd.niknam@gmail.com>
Date: Sun, 22 Aug 2021 01:33:21 +1000
Subject: [rubygems/rubygems] Using `Gem::PrintableUri` in
 `Gem::Commands::InstallCommand` class

The `x.source.uri` could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it.

https://github.com/rubygems/rubygems/commit/8755ee0aaa
---
 lib/rubygems/commands/install_command.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/rubygems/commands/install_command.rb b/lib/rubygems/commands/install_command.rb
index 92430ea444..ee50cba472 100644
--- a/lib/rubygems/commands/install_command.rb
+++ b/lib/rubygems/commands/install_command.rb
@@ -5,6 +5,7 @@ require_relative '../dependency_installer'
 require_relative '../local_remote_options'
 require_relative '../validator'
 require_relative '../version_option'
+require_relative '../printable_uri'
 
 ##
 # Gem installer command line tool
@@ -260,7 +261,8 @@ You can use `i` command instead of `install`.
     errors.each do |x|
       return unless Gem::SourceFetchProblem === x
 
-      msg = "Unable to pull data from '#{x.source.uri}': #{x.error.message}"
+      printable_uri = Gem::PrintableUri.parse_uri(x.source.uri.clone)
+      msg = "Unable to pull data from '#{printable_uri}': #{x.error.message}"
 
       alert_warning msg
     end
-- 
cgit v1.2.3