From 25def02a7f57cb4af3d924bc9a26b76c72cef8c3 Mon Sep 17 00:00:00 2001
From: Kapil Ramwani <50957624+codeknight03@users.noreply.github.com>
Date: Fri, 21 Jun 2024 19:49:06 +0530
Subject: [PATCH] Fix: Hide config.SecretURL when the URL is incorrect. (#3887)

* fix: Hide config.SecretURL when the URL is incorrect.

    Updated the config.go to redact the URL.
    Added test cases to check URL stays hidden.
Signed-off-by: Kapil Ramwani(kanishkramwani6@gmail.com)

---------

Signed-off-by: Simon Pasquier <spasquie@redhat.com>
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
---
 config/config.go      | 7 ++++++-
 config/config_test.go | 9 +++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index cdc83e37..820d71c7 100644
--- a/config/config.go
+++ b/config/config.go
@@ -165,7 +165,12 @@ func (s *SecretURL) UnmarshalJSON(data []byte) error {
 		s.URL = &url.URL{}
 		return nil
 	}
-	return json.Unmarshal(data, (*URL)(s))
+	// Redact the secret URL in case of errors
+	if err := json.Unmarshal(data, (*URL)(s)); err != nil {
+		return errors.New(strings.ReplaceAll(err.Error(), string(data), "[REDACTED]"))
+	}
+
+	return nil
 }
 
 // Load parses the YAML input s into a Config.
diff --git a/config/config_test.go b/config/config_test.go
index 7aba475f..605054e5 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -602,6 +602,15 @@ func TestUnmarshalSecretURL(t *testing.T) {
 	require.Equal(t, "http://example.com/se%20cret", u.String(), "SecretURL not properly unmarshaled in YAML.")
 }
 
+func TestHideSecretURL(t *testing.T) {
+	b := []byte(`"://wrongurl/"`)
+	var u SecretURL
+
+	err := json.Unmarshal(b, &u)
+	require.Error(t, err)
+	require.NotContains(t, err.Error(), "wrongurl")
+}
+
 func TestMarshalURL(t *testing.T) {
 	for name, tc := range map[string]struct {
 		input        *URL