Skip to content

Commit

Permalink
fix: correct password redaction
Browse files Browse the repository at this point in the history
Avoids setting '***' at the start of urls witout passwords, avoids
hazard if a password is 'https:'.
  • Loading branch information
isaacs committed Aug 17, 2020
1 parent 2275f55 commit 110032b
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 3 deletions.
7 changes: 5 additions & 2 deletions check-response.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,12 @@ function logRequest (method, res, startTime, opts) {

let urlStr
try {
const { URL } = require('url')
const URL = require('url').URL
const url = new URL(res.url)
urlStr = res.url.replace(url.password, '***')
if (url.password) {
url.password = '***'
}
urlStr = url.toString()
} catch (er) {
urlStr = res.url
}
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
"scripts": {
"prerelease": "npm t",
"postrelease": "npm publish && git push --follow-tags",
"pretest": "standard",
"posttest": "standard",
"release": "standard-version -s",
"test": "tap -J --coverage test/*.js",
"update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
Expand Down

0 comments on commit 110032b

Please sign in to comment.