From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS3215 2.6.0.0/16 X-Spam-Status: No, score=-3.8 required=3.0 tests=AWL,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by dcvr.yhbt.net (Postfix) with ESMTP id E9F1B1F910 for ; Fri, 11 Nov 2022 02:29:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231820AbiKKC3T (ORCPT ); Thu, 10 Nov 2022 21:29:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45012 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231235AbiKKC3S (ORCPT ); Thu, 10 Nov 2022 21:29:18 -0500 Received: from cloud.peff.net (cloud.peff.net [104.130.231.41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DE3E7D11A for ; Thu, 10 Nov 2022 18:29:16 -0800 (PST) Received: (qmail 28362 invoked by uid 109); 11 Nov 2022 02:29:16 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.94) with ESMTP; Fri, 11 Nov 2022 02:29:16 +0000 Authentication-Results: cloud.peff.net; auth=none Received: (qmail 32680 invoked by uid 111); 11 Nov 2022 02:29:17 -0000 Received: from coredump.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.2) by peff.net (qpsmtpd/0.94) with (TLS_AES_256_GCM_SHA384 encrypted) ESMTPS; Thu, 10 Nov 2022 21:29:17 -0500 Authentication-Results: peff.net; auth=none Date: Thu, 10 Nov 2022 21:29:15 -0500 From: Jeff King To: Glen Choo Cc: Taylor Blau , Glen Choo via GitGitGadget , git@vger.kernel.org Subject: Re: [PATCH] http: redact curl h2h3 headers in info Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org On Thu, Nov 10, 2022 at 02:53:54PM -0800, Glen Choo wrote: > > There's some discussion in b66c77a64e (http: match headers > > case-insensitively when redacting, 2021-09-22) about testing with > > HTTP/2. Which ironically is basically this exact same bug in a different > > form. ;) > > > > The short answer is that it's do-able, but probably there are some > > headaches to make it work portably. > > Argh, what a shame :( Okay, maybe it's not worth trying to use httpd > then. > > Some other ideas I had were: > > - Create a test-tool that calls the redaction logic directly (without > involving about curl), and we pass the strings we want to redacted to > it. Way less than ideal, since we'd never be able to proactively catch > failures, but better than nothing I suppose. I don't think this is worth the effort. It's nice to exercise the code a bit, but it wouldn't have actually found this regression, since the unexpected thing here was curl changing. > - Write our own HTTP/2 server for redaction tests. I assume this won't > be trivial, but maybe not prohibitive, e.g. [1] implements its own > http server for credential helper tests. These seems like a lot more work than just setting up HTTP/2 support for Apache. I checked the recipe from b66c77a64e, and it still works. It does indeed find the bug (my curl is 7.86.0) and confirms your fix. I think a simple path forward could be something like: - teach lib-httpd to conditionally use the current set up versus the http2 one outlined in b66c77a64e - push most of t5551 into a lib-http-fetch.sh; the client-side set up from b66c77a64e checks for an HTTP2 prereq. The test that looks for chunked encoding (and only works on HTTP1) checks for !HTTP2. - t5551 tells lib-httpd to use the usual setup, and then sources lib-http-fetch; it behaves as before - t5559 (sadly, not contiguous without renumbering intermediate tests) tells lib-httpd to use http2, and sets the HTTP2 prereq. It runs the same tests but via http2. We don't get the _whole_ test suite running with http2, but hopefully it gives us a fairly representative sample. And it does find this bug. I can try to work the above into patch form, but I may not get to it for a day or two. -Peff