mask download url when there is a password

[jinxiao]

Pull Request

mask download url when there is a password.

Problem

When I use export N_NODE_MIRROR with username and password, I found that the password is a plaintext which cause our security concern.

Solution

I introduce a new variable called masked_url, when called log or something want to output the url, can use this variable.

ChangeLog

[shadowspawn]

I am open to this. There are quite a log of places an URL gets displayed. One place I am particularly aware of is in show_diagnostics, enough that I put in a warning Note: some output may contain passwords. Redact before sharing..

I suggest move the masking code into a function, say display_masked_url, so it can be used in more places.

[jinxiao]

I am open to this. There are quite a log of places an URL gets displayed. One place I am particularly aware of is in show_diagnostics, enough that I put in a warning Note: some output may contain passwords. Redact before sharing..

I suggest move the masking code into a function, say display_masked_url, so it can be used in more places.

Good idea, I have changed this. Could you please have a check? I also changed the download URL in diagnostics to avoid any password leakage.

[shadowspawn]

The quotes are a bit tricky with the nesting!

[shadowspawn]

(Closed by mistake.)

[shadowspawn]

I misunderstood a couple of the uses, so added suggestions to preserve the original style.

[shadowspawn]

I was worried about spaces in password, but now I remember username and password need to be url-encoded for robustness anyway: https://github.com/tj/n/blob/master/docs/proxy-server.md

However, adding the quotes around the variable expansions fixes warnings from shellcheck so I would have wanted the changes anyway.

[shadowspawn]

Thanks @jinxiao

[shadowspawn]

Released in v10.1.0