On Wed, Jan 17, 2018 at 7:34 PM, Jonathan Tan <jonathantanmy@xxxxxxxxxx> wrote:
> When using GIT_TRACE_CURL, Git already redacts the "Authorization:" and
> "Proxy-Authorization:" HTTP headers. Extend this redaction to a
> user-specified list of cookies, specified through the
> "GIT_REDACT_COOKIES" environment variable.
>
> Signed-off-by: Jonathan Tan <jonathantanmy@xxxxxxxxxx>
> ---
> http.c | 55 +++++++++++++++++++++++++++++++++++++++++++++
> t/t5551-http-fetch-smart.sh | 12 ++++++++++
> 2 files changed, 67 insertions(+)

Please document GIT_REDACT_COOKIES in Documentation/git.txt.

> diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
> @@ -364,5 +364,17 @@ test_expect_success 'custom http headers' '
> +test_expect_success 'GIT_REDACT_COOKIES redacts cookies' '
> + rm -rf clone &&
> + echo "Set-Cookie: NotSecret=Foo" >cookies &&
> + echo "Set-Cookie: Secret=Bar" >>cookies &&
> + GIT_TRACE_CURL=true GIT_REDACT_COOKIES=Secret,AnotherSecret \
> + git -c "http.cookieFile=$(pwd)/cookies" clone \
> + $HTTPD_URL/smart/repo.git clone 2>err &&
> + grep "Cookie:.*NotSecret=Foo" err &&
> + grep "Cookie:.*Secret=<redacted>" err &&
> + ! grep "Cookie:.*Secret=Bar" err
> +'

The looseness of these grep expressions (/Cookie:.*Secret/ also matches
"Cookie: NotSecret", for instance) requires extra concentration on the
part of the reader to see that you do indeed cover all cases. I wonder,
therefore, if it would be better to tighten them to instead match the
exact string.

Also, after reading the implementation, I had expected to see testing
of the "Cookie: foo=bar; cow=moo" case, as well as the handled corner
cases, such as missing "=" and missing value after "=".
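
Review bot: The second entry of GIT_REDACT_COOKIES=Secret,AnotherSecret in the new t5551 test is never exercised, because the cookies file only holds NotSecret and Secret, so parsing of the comma-separated list past its first name goes untested. Consider adding a third cookie, for example echo "Set-Cookie: AnotherSecret=Baz" >>cookies, and asserting that its value is redacted in err while the plain value is absent. Those assertions would need to match the full cookie name, since a pattern like "Cookie:.*Secret=<redacted>" is already satisfied by the Secret cookie alone and would pass even if AnotherSecret were left unredacted.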