diff --git a/okhttp/src/jvmMain/kotlin/okhttp3/Request.kt b/okhttp/src/jvmMain/kotlin/okhttp3/Request.kt
index 26e8620235ae..034cc0ee5e6d 100644
--- a/okhttp/src/jvmMain/kotlin/okhttp3/Request.kt
+++ b/okhttp/src/jvmMain/kotlin/okhttp3/Request.kt
@@ -32,6 +32,7 @@ import okhttp3.internal.commonPost
 import okhttp3.internal.commonPut
 import okhttp3.internal.commonRemoveHeader
 import okhttp3.internal.commonTag
+import okhttp3.internal.isSensitiveHeader
 
 actual class Request internal actual constructor(builder: Builder) {
 @get:JvmName("url")
@@ -166,7 +167,7 @@ actual class Request internal actual constructor(builder: Builder) {
 }
 append(name)
 append(':')
- append(value)
+ append(if (isSensitiveHeader(name)) "██" else value)
 }
 append(']')
 }
diff --git a/okhttp/src/jvmTest/java/okhttp3/RequestTest.kt b/okhttp/src/jvmTest/java/okhttp3/RequestTest.kt
index 49be814652e0..5abde806fd6e 100644
--- a/okhttp/src/jvmTest/java/okhttp3/RequestTest.kt
+++ b/okhttp/src/jvmTest/java/okhttp3/RequestTest.kt
@@ -489,6 +489,32 @@ class RequestTest {
 assertThat(requestB.tag(String::class.java)).isSameAs("b")
 assertThat(requestC.tag(String::class.java)).isSameAs("c")
 }
+
+ @Test
+ fun requestToStringRedactsSensitiveHeaders() {
+ val headers = Headers.Builder()
+ .add("content-length", "99")
+ .add("authorization", "peanutbutter")
+ .add("proxy-authorization", "chocolate")
+ .add("cookie", "drink=coffee")
+ .add("set-cookie", "accessory=sugar")
+ .add("user-agent", "OkHttp")
+ .build()
+ val request = Request(
+ "https://square.com".toHttpUrl(),
+ headers
+ )
+ assertThat(request.toString()).isEqualTo(
+ "Request{method=GET, url=https://square.com/, headers=[" +
+ "content-length:99," +
+ " authorization:██," +
+ " proxy-authorization:██," +
+ " cookie:██," +
+ " set-cookie:██," +
+ " user-agent:OkHttp" +
+ "]}"
+ )
+ }
 
 private fun bodyToHex(body: RequestBody): String {
 val buffer = Buffer()
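Review bot: In the second Request.kt hunk, the changed line `append(if (isSensitiveHeader(name)) "██" else value)` masks only the header names that `isSensitiveHeader` recognises, so the resulting string is still not safe to log wholesale. The URL is printed in full (the new test expects `url=https://square.com/` verbatim), and a credential carried in a query parameter or in an application-specific header would presumably appear unmasked. I would record that limit next to the change, e.g. `// Best-effort redaction: only well-known credential headers are masked; the URL and all other headers are printed as-is.` The enclosing function begins and ends outside the hunk.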
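Review bot: In the RequestTest.kt hunk, `requestToStringRedactsSensitiveHeaders` adds every header name in lower case, so the test does not pin masking for names in the mixed case they commonly arrive in. HTTP header names are case-insensitive, and whether `isSensitiveHeader` compares case-insensitively is not visible in this diff. Changing one entry to mixed case, for example `.add("Proxy-Authorization", "chocolate")` with the expected line `" Proxy-Authorization:██," +` (assuming the name is printed as given), would guard against a regression that lets credentials into logs.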