Mask proxy credentials in log output

[mpreu]

What is the existing functionality and how should it be enhanced?

In version 35.0.0, with log level info, a summary of relevant environment variables is printed:

Environment variables:                                                        
ORT_CONFIG_DIR = /home/ort/.ort/config                                        
ORT_DATA_DIR = /home/ort/.ort                                                 
HOME = /home/ort                                                              
TERM = xterm                                                                  
http_proxy = http://user:password@host:port                    
https_proxy = http://user:password@host:port                
JAVA_HOME = /opt/java/openjdk

This includes the proxy variables http_proxy and https_proxy. In case these variables contain credentials for an authenticated proxy, they are printed without any masking.

As proxy variables are a well known location where credentials can occur, it should be ensured that secrets are masked in every output:

http_proxy = http://***:***@host:port                    
https_proxy = http:///***:***@host:port      

What is the use-case for your enhancement?

Using the logs in CI/CD systems without distributing secrets to all users with read access. Authenticated proxies are a regular occurrence in corporate environments.

Alternatives you have considered

Remove proxy variables completely from environment summary.

Additional context

[sschuberth]

Thanks for the report! A fix is underway.

Using the logs in CI/CD systems without distributing secrets to all users with read access.

Just as a note, as I see you're into Kubernetes and OpenShift, you might be interested in operating ORT via the server as well.