From: Eric Sunshine <sunshine@sunshineco.com>
To: Jonathan Tan <jonathantanmy@google.com>
Cc: Git List <git@vger.kernel.org>
Subject: Re: [RFC PATCH 1/2] http: support cookie redaction when tracing
Date: Thu, 18 Jan 2018 13:25:12 -0500 [thread overview]
Message-ID: <CAPig+cRyTL6LXk0JXTcotP8yco1-TxRVZxOWEu-YOnUfEhjr=g@mail.gmail.com> (raw)
In-Reply-To: <b0d7c8cbdd1c6e32f05f95ebde4612eb8bd16fdf.1516235197.git.jonathantanmy@google.com>
On Wed, Jan 17, 2018 at 7:34 PM, Jonathan Tan <jonathantanmy@google.com> wrote:
> When using GIT_TRACE_CURL, Git already redacts the "Authorization:" and
> "Proxy-Authorization:" HTTP headers. Extend this redaction to a
> user-specified list of cookies, specified through the
> "GIT_REDACT_COOKIES" environment variable.
>
> Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
> ---
> http.c | 55 +++++++++++++++++++++++++++++++++++++++++++++
> t/t5551-http-fetch-smart.sh | 12 ++++++++++
> 2 files changed, 67 insertions(+)
Please document GIT_REDACT_COOKIES in Documentation/git.txt.
> diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
> @@ -364,5 +364,17 @@ test_expect_success 'custom http headers' '
> +test_expect_success 'GIT_REDACT_COOKIES redacts cookies' '
> + rm -rf clone &&
> + echo "Set-Cookie: NotSecret=Foo" >cookies &&
> + echo "Set-Cookie: Secret=Bar" >>cookies &&
> + GIT_TRACE_CURL=true GIT_REDACT_COOKIES=Secret,AnotherSecret \
> + git -c "http.cookieFile=$(pwd)/cookies" clone \
> + $HTTPD_URL/smart/repo.git clone 2>err &&
> + grep "Cookie:.*NotSecret=Foo" err &&
> + grep "Cookie:.*Secret=<redacted>" err &&
> + ! grep "Cookie:.*Secret=Bar" err
> +'
The looseness of these grep expressions (/Cookie:.*Secret/ also
matches "Cookie: NotSecret", for instance) requires extra
concentration on the part of the reader to see that you do indeed
cover all cases. I wonder, therefore, if it would be better to tighten
them to instead match the exact string.
Also, after reading the implementation, I had expected to see testing
of the "Cookie: foo=bar; cow=moo" case, as well as the handled corner
cases, such as missing missing "=" and missing value after "=".
next prev parent reply other threads:[~2018-01-18 18:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-18 0:34 [RFC PATCH 0/2] Cookie redaction during GIT_TRACE_CURL Jonathan Tan
2018-01-18 0:34 ` [RFC PATCH 1/2] http: support cookie redaction when tracing Jonathan Tan
2018-01-18 18:25 ` Eric Sunshine [this message]
2018-01-18 0:34 ` [RFC PATCH 2/2] http: support omitting data from traces Jonathan Tan
2018-01-18 18:25 ` Eric Sunshine
2018-01-19 0:28 ` [PATCH v2 0/2] Cookie redaction during GIT_TRACE_CURL Jonathan Tan
2018-01-19 0:28 ` [PATCH v2 1/2] http: support cookie redaction when tracing Jonathan Tan
2018-01-19 0:28 ` [PATCH v2 2/2] http: support omitting data from traces Jonathan Tan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPig+cRyTL6LXk0JXTcotP8yco1-TxRVZxOWEu-YOnUfEhjr=g@mail.gmail.com' \
--to=sunshine@sunshineco.com \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).