From 66fa8f94266e6fc3760839134412e049397ee11c Mon Sep 17 00:00:00 2001
From: Igor <igorwwwwwwwwwwwwwwwwwwww@users.noreply.github.com>
Date: Fri, 17 Dec 2021 09:58:24 +0100
Subject: [PATCH] Redact password from URL in infof logging (#1559)

The `Infof` call that logs requests currently leaks the
basic auth password through the URL.

By using URL.Redacted(), we can replace the
password with "xxxxx" in the log message.

Close #1459
---
 client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client.go b/client.go
index 9642e93b..b8886eb9 100644
--- a/client.go
+++ b/client.go
@@ -1502,7 +1502,7 @@ func (c *Client) PerformRequest(ctx context.Context, opt PerformRequestOptions)
 	duration := time.Now().UTC().Sub(start)
 	c.infof("%s %s [status:%d, request:%.3fs]",
 		strings.ToUpper(opt.Method),
-		req.URL,
+		req.URL.Redacted(),
 		resp.StatusCode,
 		float64(int64(duration/time.Millisecond))/1000)