Fix: Hide config.SecretURL when the URL is incorrect. (prometheus#3887)

* fix: Hide config.SecretURL when the URL is incorrect. Updated the config.go to redact the URL. Added test cases to check URL stays hidden. Signed-off-by: Kapil Ramwani(kanishkramwani6@gmail.com) --------- Signed-off-by: Simon Pasquier <spasquie@redhat.com> Co-authored-by: Simon Pasquier <spasquie@redhat.com>
TheMeier · Sep 29, 2024 · 0cd874a · 0cd874a
1 parent 90dc5e7
commit 0cd874a
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/config/config.go b/config/config.go
@@ -165,7 +165,12 @@ func (s *SecretURL) UnmarshalJSON(data []byte) error {
 		s.URL = &url.URL{}
 		return nil
 	}
-	return json.Unmarshal(data, (*URL)(s))
+	// Redact the secret URL in case of errors
+	if err := json.Unmarshal(data, (*URL)(s)); err != nil {
+		return errors.New(strings.ReplaceAll(err.Error(), string(data), "[REDACTED]"))
+	}
+
+	return nil
 }
 
 // Load parses the YAML input s into a Config.

diff --git a/config/config_test.go b/config/config_test.go
@@ -602,6 +602,15 @@ func TestUnmarshalSecretURL(t *testing.T) {
 	require.Equal(t, "http://example.com/se%20cret", u.String(), "SecretURL not properly unmarshaled in YAML.")
 }
 
+func TestHideSecretURL(t *testing.T) {
+	b := []byte(`"://wrongurl/"`)
+	var u SecretURL
+
+	err := json.Unmarshal(b, &u)
+	require.Error(t, err)
+	require.NotContains(t, err.Error(), "wrongurl")
+}
+
 func TestMarshalURL(t *testing.T) {
 	for name, tc := range map[string]struct {
 		input        *URL