Jeff King <peff@xxxxxxxx> writes: > # Ensure that there is no "Basic" followed by a base64 string, but that > # the auth details are redacted > ! grep "Authorization: Basic [0-9a-zA-Z+/]" trace && > grep "Authorization: Basic <redacted>" trace > > gets confused. It sees the "<redacted>" one from the pre-upgrade > HTTP/1.1 request, but fails to see the unredacted HTTP/2 one, because it > does not match the lower-case "authorization". Neither pattern of the above two will not match the HTTP/2 one, so the first one would report "there is no leakage of Auth with a caplital letter"; the second one may see only one pre-upgrade Auth with a capital letter, but as long as it does find one, it should be happy, no? I am a bit puzzled how the test gets confused.
