Jonathan Tan <jonathantanmy@xxxxxxxxxx> writes:
> diff --git a/http.c b/http.c
> index 62aa995245..77eac95d64 100644
> --- a/http.c
> +++ b/http.c
> @@ -18,6 +18,7 @@
>
> static struct trace_key trace_curl = TRACE_KEY_INIT(CURL);
> static int trace_curl_data = 1;
> +static int trace_curl_redact_authorization = 1;
> static struct string_list cookies_to_redact = STRING_LIST_INIT_DUP;
> #if LIBCURL_VERSION_NUM >= 0x070a08
> long int git_curl_ipresolve = CURL_IPRESOLVE_WHATEVER;
> @@ -642,8 +643,9 @@ static void redact_sensitive_header(struct strbuf *header)
> {
> const char *sensitive_header;
>
> - if (skip_prefix(header->buf, "Authorization:", &sensitive_header) ||
> - skip_prefix(header->buf, "Proxy-Authorization:", &sensitive_header)) {
> + if (trace_curl_redact_authorization &&
> + (skip_prefix(header->buf, "Authorization:", &sensitive_header) ||
> + skip_prefix(header->buf, "Proxy-Authorization:", &sensitive_header))) {
Nice.
> /* The first token is the type, which is OK to log */
> while (isspace(*sensitive_header))
> sensitive_header++;
> @@ -859,6 +861,7 @@ static int get_curl_http_version_opt(const char *version_string, long *opt)
> static CURL *get_curl_handle(void)
> {
> CURL *result = curl_easy_init();
> + const char *redact_authorization_envvar;
>
> if (!result)
> die("curl_easy_init failed");
> @@ -997,6 +1000,10 @@ static CURL *get_curl_handle(void)
> setup_curl_trace(result);
> if (getenv("GIT_TRACE_CURL_NO_DATA"))
> trace_curl_data = 0;
> + redact_authorization_envvar = getenv("GIT_REDACT_AUTHORIZATION");
> + if (redact_authorization_envvar &&
> + !strcmp(redact_authorization_envvar, "0"))
> + trace_curl_redact_authorization = 0;
Wasn't git_env_bool() designed exactly for this kind of usage?
Thanks.
