[PATCH v2 0/3] Safer GIT_CURL_VERBOSE

[Jonathan Tan <jonathantanmy@google.com>]

Thanks everyone. I went ahead with GIT_REDACT_AUTHORIZATION to match
GIT_REDACT_COOKIES, with the default being true (i.e. you need to set it
to "0" to have behavior change).

An alternative is to name it as non-authorization-specific, e.g.
GIT_TRACE_REDACT, as suggested by others. But as far as I can tell, we
currently only redact auth (by default) and cookies (opt-in, since we
need the user to tell us exactly which cookies to redact), so it seems
better to me to have auth redaction be a peer to cookie redaction,
rather than being controlled by a flag that controls everything.

Jonathan Tan (3):
  t5551: test that GIT_TRACE_CURL redacts password
  http: make GIT_TRACE_CURL auth redaction optional
  http, imap-send: stop using CURLOPT_VERBOSE

 Documentation/git.txt        |  8 +++++--
 http.c                       | 19 ++++++++++++---
 http.h                       |  7 ++++++
 imap-send.c                  |  2 +-
 t/t5551-http-fetch-smart.sh  | 46 ++++++++++++++++++++++++++++++++++++
 t/t5581-http-curl-verbose.sh |  2 +-
 trace.c                      | 20 ++++++++++++----
 trace.h                      |  6 +++++
 8 files changed, 99 insertions(+), 11 deletions(-)

Range-diff against v1:
-:  ---------- > 1:  8c70a45b24 http: make GIT_TRACE_CURL auth redaction optional
1:  1df9e9deb7 ! 2:  f5a29e8fa1 http, imap-send: stop using CURLOPT_VERBOSE
    @@ imap-send.c: static CURL *setup_curl(struct imap_server_conf *srvc, struct crede
      	return curl;
     
      ## t/t5551-http-fetch-smart.sh ##
    -@@ t/t5551-http-fetch-smart.sh: test_expect_success 'GIT_TRACE_CURL redacts auth details' '
    - 	grep "Authorization: Basic <redacted>" trace
    +@@ t/t5551-http-fetch-smart.sh: test_expect_success 'GIT_TRACE_CURL does not redact auth details if GIT_REDACT_A
    + 	grep "Authorization: Basic [0-9a-zA-Z+/]" trace
      '
      
     +test_expect_success 'GIT_CURL_VERBOSE redacts auth details' '
-- 
2.26.2.645.ge9eca65c58-goog