omit URL's password when stringifying URL for segment name

aws / aws-xray-sdk-go

AWS X-Ray SDK for the Go programming language.

Apache License 2.0

276 stars 117 forks source link

omit URL's password when stringifying URL for segment name #421

Open aloababa opened 10 months ago

aloababa commented 10 months ago

When instumenting an http.Client with an xray.Client, the segment name is based on url.URL.String which can lead to leak basic auth credentials in the segment name.

Is it possible to strip those credentials ? Or at least do the same that the stdlib does, they replace the password by a *** placeholder (like here: https://github.com/golang/go/blob/master/src/net/http/client.go#L1026)

I can see that you already strip the url query.

I can make a PR for it.

Thanks,

atshaw43 commented 10 months ago

If you make a PR for it, then we can review it.

aloababa commented 10 months ago

I already make it.