Redact basic authentication passwords from log messages

[orf]

This PR #5590 had merge conflicts, so I made a new one with the changes suggested. Fixes #4746

[cjerdonek]

I would pull this function out to module level so it can be tested separately. You can use the same parametrized test cases as test_split_auth_from_netloc(). This will combinatorially cut down the number of test cases you need to properly test redact_password_from_url(), since redact_password_from_url() will be a simple combination of redact_netloc() and transform_url().

[cjerdonek]

I would move this function to be above redact_password_from_url() and remove_auth_from_url() (and after redact_netloc()), since it is used in both of them, and it is nice to have a progression so that functions within a module depend only on functions that precede them (so it can be read from top to bottom).

[cjerdonek]

Spelling: transform_netloc()

[cjerdonek]

I would leave these test cases alone in the same order, especially if you're not changing them. Otherwise, it makes it needlessly harder to tell whether the tests have been changed or not.

[cjerdonek]

This seems like more test cases than you need. If you break out redact_netloc() like I suggested above and test it separately, you should be able to reduce the number of test cases you need for combinatorial reasons. You can focus on testing redact_netloc() well (which is a simpler function). And then test_redact_password_from_url() can be limited to making sure that redact_password_from_url() is "wired up" correctly from redact_netloc() and transform_url().

[orf]

Thanks for the prompt review @cjerdonek. I've made the changes you requested. Regarding testing, I just did a mock.patch to assert that redact_password_from_url is hooked up correctly. Is this OK?

[cjerdonek]

This should check for None it seems.

[cjerdonek]

Thanks. Looks a lot better. I’m not a huge fan of mocks, especially when not needed. I think it would be just as good or better to do one or two test cases to confirm that it’s being called (e.g. one with and one without password).

Also, one reason the mock test isn’t so great is that it’s not checking the return value, which is the most important thing to be checking.

[cjerdonek]

I would move this test to be after the split-auth test (so same order as in the module).

[cjerdonek]

How about also checking that “****” is in the result to check / make it more obvious that redaction should be happening?

[BrownTruck]

Hello!

I am an automated bot and I have noticed that this pull request is not currently able to be merged. If you are able to either merge the master branch into this pull request or rebase this pull request against master then it will be eligible for code review and hopefully merging!

[orf]

Thanks for the review @cjerdonek, I've made the changes as requested.

[cjerdonek]

Some more comments.

[cjerdonek]

It seems like trying to mock here just obscures the test.

[cjerdonek]

"user@example.com" isn't a full URL. I would test with an actual URL.

[cjerdonek]

This isn't related to this PR, so I would leave it alone.

[cjerdonek]

You need a period at the end of the sentence.

[cjerdonek]

I would move this function to be after remove_auth_from_url() (since it is a "fancier" version).

[cjerdonek]

I would just write out "password" since it's not that much longer.

[cjerdonek]

Some more.

[cjerdonek]

"passw" -> "password"

[cjerdonek]

I was saying before that I think mocking obscures the test. Why can't you just pass in a few real URL's like the other tests (e.g. one with a user-pass, one with no user-pass, and one with a user but no pass).

[orf]

Yeah good idea, I dislike mocks as well. Done!

[cjerdonek]

Looking a lot better. Thanks!

[cjerdonek]

Some final(?) minor comments.

[cjerdonek]

"Redact the password"

[cjerdonek]

I would mark this private: _transform_url.

[cjerdonek]

I would define the lambda on its own line:
transform_netloc = lambda netloc: split_auth_from_netloc(netloc)[0]

[orf]

The linter dislikes this, and I also try not to do this. I think it's fine as it is?

[cjerdonek]

What does the linter not like? I’m not a fan of cramming a lot into one line. You can also define the function using def syntax.

[orf]

Lambdas are supposed to be anonymous - if you bind them to a name it kind of defeats the point. The linter points this out and tells you to use def.

I'll do whatever you suggest (I don't care that much), but a lambda seems perfect here. A whole named function for this seems overkill.

[cjerdonek]

I just think the code will be easier to understand if you give the function a name (whether that be a lambda or def syntax). It will also have a more parallel / symmetric look with redact_password_from_url below.

[cjerdonek]

"result" -> "actual" to match the earlier test.

[cjerdonek]

"result" -> "actual" (or "url") to match previous tests.

[cjerdonek]

Add space to match previous test: auth_url, expected_url

[cjerdonek]

Closing / opening to trigger CI to re-run.

[cjerdonek]

Thanks a lot for all your work and follow-through on this, @orf.

[orf]

No problem, thank you for the prompt and detailed reviews @cjerdonek 🎉

[haizaar]

Does anyone know when this fix gets released?

[benoit-pierre]

@haizaar : https://github.com/pypa/pip/blob/master/docs/html/development/release-process.rst#release-cadence

[pradyunsg]

It'll be a part of 19.0, scheduled early next year.

pip has a predictable release cadence, which @benoit-pierre linked to.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.