envcmd: Replace any non-empty password in GOPROXY #37873

oiooj · 2020-03-16T02:06:03Z

When a user submits an issue, we also need the user to file the output of go env(many users don't use go bug command), so we should replace any non-empty password in GOPROXY environment by default. The string form replaces password in the original URL with "[redacted]". Like go get -x:

MBA:/tmp$ go get -x -v golang.org/x/tools
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/@v/list
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@v/list
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/@v/list
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@v/list: 200 OK (0.649s)
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@latest
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/@v/list: 404 Not Found (0.649s)
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/@v/list: 404 Not Found (0.649s)
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@latest: 200 OK (0.006s)
go: downloading golang.org/x/tools v0.0.0-20200313205530-4303120df7d8
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@v/v0.0.0-20200313205530-4303120df7d8.zip
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@v/v0.0.0-20200313205530-4303120df7d8.zip: 200 OK (0.196s)
go: golang.org/x/tools upgrade => v0.0.0-20200313205530-4303120df7d8
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@v/v0.0.0-20200313205530-4303120df7d8.mod
# get https://oiooj:%5Bredacted%5D@goproxy.io/golang.org/x/tools/@v/v0.0.0-20200313205530-4303120df7d8.mod: 200 OK (0.032s)
# get https://oiooj:%5Bredacted%5D@goproxy.io/github.com/yuin/goldmark/@v/v1.1.25.mod
# get https://oiooj:%5Bredacted%5D@goproxy.io/github.com/yuin/goldmark/@v/v1.1.25.mod: 200 OK (0.028s)

MBA:/tmp$ go env
GO111MODULE="on"
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/test/Library/Caches/go-build"
GOENV="/Users/test/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GONOPROXY="*.test.com"
GONOSUMDB="*.test.com"
GOOS="darwin"
GOPATH="/Users/test/golang"
GOPRIVATE="*.test.com"
GOPROXY="https://username:%5Bredacted%5D@goproxy.io,direct"
GOROOT="/usr/local/go"
GOSUMDB="off"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/dev/null"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/hg/ss37ccnn4_1fhhg_tdrzhggh0000gn/T/go-build962445838=/tmp/go-build -gno-record-gcc-switches -fno-common"

We should only change the go env and go bug command, we can get the original config from go env GOPROXY and go env -json at this time, since some tools today expect to parse go env GOPROXY and use -json option.

The text was updated successfully, but these errors were encountered:

oiooj · 2020-03-16T02:07:12Z

/cc @rsc @jayconrod @bcmills @FiloSottile @katiehockman

jayconrod · 2020-03-16T14:01:21Z

I think this is the same issue as in CL 223098.

I'd lean toward redacting go bug but not go env.

Ideally, passwords and secrets would be in ~/.netrc, but I don't think that's adequately documented yet.

bcmills · 2020-03-16T15:06:22Z

Yikes, I didn't realize those brackets would be percent-escaped. I think we need to fix web.Redact... 😅

bcmills · 2020-03-16T18:22:58Z

So, thinking about this some more:

On the one hand, tools may reasonably expect go env to report the actual environment in use.
On the other hand, if folks are using .netrc as we recommend, they won't have credentials in go env in the first place, so it really doesn't matter.
On the gripping hand, now that .netrc handling is fixed maybe we shouldn't allow credentials in GOPROXY at all. Then there would be no question about whether we would print those credentials. (See cmd/go: GOPROXY credentials exposed in case of errors #30610.)

gopherbot · 2020-03-17T01:31:57Z

Change https://golang.org/cl/223757 mentions this issue: cmd/go/internal/web: Redacts any password with "xxxxx"

Updates #37873 Change-Id: I2228f31fc7bd7daef086cd05d365fa7c68e60a83 Reviewed-on: https://go-review.googlesource.com/c/go/+/223757 Reviewed-by: Bryan C. Mills <bcmills@google.com> Run-TryBot: Bryan C. Mills <bcmills@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org>

Updates golang#37873 Change-Id: I2228f31fc7bd7daef086cd05d365fa7c68e60a83 Reviewed-on: https://go-review.googlesource.com/c/go/+/223757 Reviewed-by: Bryan C. Mills <bcmills@google.com> Run-TryBot: Bryan C. Mills <bcmills@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org>

oiooj added the GoCommand cmd/go label Mar 16, 2020

jayconrod added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Mar 16, 2020

jayconrod added this to the Backlog milestone Mar 16, 2020

odeke-em mentioned this issue Mar 21, 2020

net/url: add URL.Redacted to return password-free string #34855

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

envcmd: Replace any non-empty password in GOPROXY #37873

envcmd: Replace any non-empty password in GOPROXY #37873

oiooj commented Mar 16, 2020

oiooj commented Mar 16, 2020

jayconrod commented Mar 16, 2020

bcmills commented Mar 16, 2020

bcmills commented Mar 16, 2020

gopherbot commented Mar 17, 2020

envcmd: Replace any non-empty password in GOPROXY #37873

envcmd: Replace any non-empty password in GOPROXY #37873

Comments

oiooj commented Mar 16, 2020

oiooj commented Mar 16, 2020

jayconrod commented Mar 16, 2020

bcmills commented Mar 16, 2020

bcmills commented Mar 16, 2020

gopherbot commented Mar 17, 2020