From b3616c08a450d3ea1d036f94bd583bf73219f54d Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Thu, 7 May 2020 19:05:05 -0700 Subject: [PATCH] Try to remove secrets from http.debug. --- src/cargo/ops/registry.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/cargo/ops/registry.rs b/src/cargo/ops/registry.rs index 570e6f522bd..a20a22c15d1 100644 --- a/src/cargo/ops/registry.rs +++ b/src/cargo/ops/registry.rs @@ -556,7 +556,12 @@ pub fn configure_http_handle(config: &Config, handle: &mut Easy) -> CargoResult< }; match str::from_utf8(data) { Ok(s) => { - for line in s.lines() { + for mut line in s.lines() { + if line.starts_with("Authorization:") { + line = "Authorization: [REDACTED]"; + } else if line[..line.len().min(10)].eq_ignore_ascii_case("set-cookie") { + line = "set-cookie: [REDACTED]"; + } log!(level, "http-debug: {} {}", prefix, line); } }