From c9bf21a1b7aad75370c3d7d92a78642f0b4594a6 Mon Sep 17 00:00:00 2001
From: Austin Dizzy
Date: Wed, 18 Mar 2015 00:22:50 -0400
Subject: [PATCH] Redact client_id and client_secret from error.

The client_id and client_secret URL variables, containing sensitive app information, are leaked to users if the Go error is returned to them. To prevent this, sanitizeURL redacts the fields from ErrorResponse's Error method. Therefore making the error message safe to expose to users.
---
 github/github.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/github/github.go b/github/github.go
index 52699eb..a5ea1f2 100644
--- a/github/github.go
+++ b/github/github.go
@@ -333,10 +333,25 @@ type ErrorResponse struct {
 
 func (r *ErrorResponse) Error() string {
 	return fmt.Sprintf("%v %v: %d %v %+v",
-		r.Response.Request.Method, r.Response.Request.URL,
+		r.Response.Request.Method, sanitizeURL(r.Response.Request.URL),
 		r.Response.StatusCode, r.Message, r.Errors)
 }
 
+// sanitizeURL redacts the client_id and client_secret tokens from the URL which
+// may be exposed to the user, specifically in the ErrorResponse error message.
+func sanitizeURL(uri *url.URL) *url.URL {
+	if uri == nil {
+		return nil
+	}
+	params := uri.Query()
+	if len(params.Get("client_secret")) > 0 || len(params.Get("client_id")) > 0 {
+		params.Set("client_id", "REDACTED")
+		params.Set("client_secret", "REDACTED")
+		uri.RawQuery = params.Encode()
+	}
+	return uri
+}
+
 /*
 An Error reports more details on an individual error in an ErrorResponse.
 These are the possible validation error codes:
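Review bot: sanitizeURL writes `uri.RawQuery = params.Encode()` on the pointer it was handed, and Error() hands it `r.Response.Request.URL`, so calling Error() silently rewrites the query of the live *http.Request that the response still references; anything that reads that URL afterwards (logging, retry logic, tests comparing the request) sees the redacted and re-encoded form rather than what was sent. Redacting on a copy keeps the error message safe without that side effect: after the nil guard add `u := *uri` and `uri = &u`, and the rest of the body then mutates only the copy — a shallow copy is enough because only RawQuery is assigned. Note also that `len(params.Get(...)) > 0` skips a key that is present but empty (`client_id=`), which is harmless for secrecy but worth a one-line comment so the condition is not "tightened" later by mistake. The closing `}` of sanitizeURL and the blank line after it are within the hunk; the surrounding ErrorResponse type continues outside it.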