Redact HTTP credentials from "Syncing…" message (#3846) (#3847)

This commit is contained in:
Nick Grimshaw 2025-04-14 18:08:32 +01:00 committed by GitHub
parent 5b70ce6be2
commit 15bb71764e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -36,6 +36,7 @@
#include <taskchampion-cpp/lib.h>
#include <util.h>
#include <regex>
#include <sstream>
////////////////////////////////////////////////////////////////////////////////
@ -78,6 +79,10 @@ int CmdSync::execute(std::string& output) {
out << "sync.server.origin is deprecated. Use sync.server.url instead.\n";
}
// redact credentials from `server_url`, if present
std::regex remove_creds_regex("^(https?://.+):(.+)@(.+)");
std::string safe_server_url = std::regex_replace(server_url, remove_creds_regex, "$1:****@$3");
if (server_dir != "") {
if (verbose) {
out << format("Syncing with {1}", server_dir) << '\n';
@ -144,7 +149,7 @@ int CmdSync::execute(std::string& output) {
throw std::string("sync.server.client_id and sync.encryption_secret are required");
}
if (verbose) {
out << format("Syncing with sync server at {1}", server_url) << '\n';
out << format("Syncing with sync server at {1}", safe_server_url) << '\n';
}
replica->sync_to_remote(server_url, tc::uuid_from_string(client_id), encryption_secret,
avoid_snapshots);