On Monday, June 12, 2023 12:59 PM, Douglas R. Reno wrote: >While building git-2.41.0 with curl-8.1.2 installed, I've noticed three test failures. >They appear to be coming from t5559-http-fetch-smart-http2.sh. Here are the details >from the tests: > >not ok 17 - GIT_TRACE_CURL redacts auth details # # rm -rf redact-auth >trace && # set_askpass user@host pass@host && ># GIT_TRACE_CURL="$(pwd)/trace" git clone --bare >"$HTTPD_URL/auth/smart/repo.git" redact-auth && # expect_askpass both >user@host && # # # Ensure that there is no "Basic" followed by a base64 >string, but that # # the auth details are redacted # ! grep -i >"Authorization: Basic [0-9a-zA-Z+/]" trace && # grep -i "Authorization: Basic ><redacted>" trace # not ok 18 - GIT_CURL_VERBOSE redacts auth details # ># rm -rf redact-auth trace && # set_askpass user@host pass@host >&& # GIT_CURL_VERBOSE=1 git clone --bare >"$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace && ># expect_askpass both user@host && # # # Ensure that there is no >"Basic" followed by a base64 string, but that # # the auth details are >redacted # ! grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace && ># grep -i "Authorization: Basic <redacted>" trace # > >ok 19 - GIT_TRACE_CURL does not redact auth details if GIT_TRACE_REDACT=0 ok 20 >- disable dumb http on server ok 21 - GIT_SMART_HTTP can disable smart http ok 22 >- invalid Content-Type rejected ok 23 - create namespaced refs ok 24 - smart clone >respects namespace ok 25 - dumb clone via http-backend respects namespace ok 26 - >cookies stored in http.cookiefile when http.savecookies set ok 27 - transfer.hiderefs >works over smart-http ok 28 - create 2,000 tags in the repo ok 29 - clone the 2,000 >tag repo to check OS command line overflow ok 30 - large fetch-pack requests can be >sent using chunked encoding ok 31 - test allowreachablesha1inwant ok 32 - test >allowreachablesha1inwant with unreachable ok 33 - test allowanysha1inwant with >unreachable ok 34 # skip http can handle enormous ref negotiation (missing >EXPENSIVE) ok 35 - custom http headers ok 36 - using fetch command in remote-curl >updates refs ok 37 - fetch by SHA-1 without tag following not ok 38 - cookies are >redacted by default # # rm -rf clone && # echo "Set-Cookie: Foo=1" >>cookies && # echo "Set-Cookie: Bar=2" >>cookies && ># GIT_TRACE_CURL=true \ # git -c >"http.cookieFile=$(pwd)/cookies" clone \ # $HTTPD_URL/smart/repo.git >clone 2>err && # grep -i "Cookie:.*Foo=<redacted>" err && # grep >-i "Cookie:.*Bar=<redacted>" err && # ! grep -i "Cookie:.*Foo=1" err && ># ! grep -i "Cookie:.*Bar=2" err # > > >I've done a bit of investigation and found the directory where it's saving the results to, >"trash directory.t5559-http-fetch-smart-http2". >After changing to that directory and running 'grep -i "Authorization: >Basic"' trace, I get: > >renodr [ /sources/git-2.41.0/git-2.41.0/t/trash >directory.t5559-http-fetch-smart-http2 ]$ grep -i "Authorization: Basic" >trace >== Info: h2 [authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA==] => Send header: >Authorization: Basic dXNlckBob3N0OnBhc3NAaG9zdA== == Info: h2 [authorization: >Basic dXNlckBob3N0OnBhc3NAaG9zdA==] => Send header: Authorization: Basic >dXNlckBob3N0OnBhc3NAaG9zdA== == Info: h2 [authorization: Basic >dXNlckBob3N0OnBhc3NAaG9zdA==] => Send header: Authorization: Basic >dXNlckBob3N0OnBhc3NAaG9zdA== > >Checking the 'err' file where the cookies test was supposed to be looking in results in: > >renodr [ /sources/git-2.41.0/git-2.41.0/t/trash >directory.t5559-http-fetch-smart-http2 ]$ cat err >fatal: URL >'https://user%40host:<redacted>@127.0.0.1:5559/auth/smart/repo.git' uses plaintext >credentials > >Please let me know if there's any way that I can help diagnose this further! Curl, for at least a year (Curl issue #8654), does not support blanks in URLs of any kind. Have you found any of these? -Randall
