cmd/go/internal/web: log complete URLs

Incoming URLs may omit the scheme to indicate “either HTTP or HTTPS”. For such URLs, log the scheme actually used instead of leaving it out. (This issue was noticed while triaging #34075.) Updates #34075 Change-Id: I39e5ca83543dd780258d41d5c2c4ba907cd20e5c Reviewed-on: https://go-review.googlesource.com/c/go/+/193262 Run-TryBot: Bryan C. Mills <bcmills@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com>
2025-05-22 16:09:37 +00:00 · 2019-09-04 12:43:50 -04:00 · 2019-09-04 12:43:50 -04:00 · 51be44bfaf
commit 51be44bfaf
parent 23f7398671
2 changed files with 17 additions and 4 deletions
--- a/src/cmd/go/internal/web/http.go
+++ b/src/cmd/go/internal/web/http.go
@ -111,7 +111,7 @@ func get(security SecurityMode, url *urlpkg.URL) (*Response, error) {
 		fetched, res, err = fetch(secure)
 		if err != nil {
 			if cfg.BuildX {
-				fmt.Fprintf(os.Stderr, "# get %s: %v\n", Redacted(url), err)
+				fmt.Fprintf(os.Stderr, "# get %s: %v\n", Redacted(secure), err)
 			}
 			if security != Insecure || url.Scheme == "https" {
 				// HTTPS failed, and we can't fall back to plain HTTP.
@ -146,7 +146,7 @@ func get(security SecurityMode, url *urlpkg.URL) (*Response, error) {
 		insecure.Scheme = "http"
 		if insecure.User != nil && security != Insecure {
 			if cfg.BuildX {
-				fmt.Fprintf(os.Stderr, "# get %s: insecure credentials\n", Redacted(url))
+				fmt.Fprintf(os.Stderr, "# get %s: insecure credentials\n", Redacted(insecure))
 			}
 			return nil, fmt.Errorf("refusing to pass credentials to insecure URL: %s", Redacted(insecure))
 		}
@ -154,7 +154,7 @@ func get(security SecurityMode, url *urlpkg.URL) (*Response, error) {
 		fetched, res, err = fetch(insecure)
 		if err != nil {
 			if cfg.BuildX {
-				fmt.Fprintf(os.Stderr, "# get %s: %v\n", Redacted(url), err)
+				fmt.Fprintf(os.Stderr, "# get %s: %v\n", Redacted(insecure), err)
 			}
 			// HTTP failed, and we already tried HTTPS if applicable.
 			// Report the error from the HTTP attempt.
@ -165,7 +165,7 @@ func get(security SecurityMode, url *urlpkg.URL) (*Response, error) {
 	// Note: accepting a non-200 OK here, so people can serve a
 	// meta import in their http 404 page.
 	if cfg.BuildX {
-		fmt.Fprintf(os.Stderr, "# get %s: %v (%.3fs)\n", Redacted(url), res.Status, time.Since(start).Seconds())
+		fmt.Fprintf(os.Stderr, "# get %s: %v (%.3fs)\n", Redacted(fetched), res.Status, time.Since(start).Seconds())
 	}
 	r := &Response{
 		URL:        Redacted(fetched),
--- a/src/cmd/go/testdata/script/mod_getx.txt
+++ b/src/cmd/go/testdata/script/mod_getx.txt
@ -0,0 +1,13 @@
+[short] skip
+[!net] skip
+
+env GO111MODULE=on
+env GOPROXY=direct
+env GOSUMDB=off
+
+# 'go get -x' should log URLs with an HTTP or HTTPS scheme.
+# A bug had caused us to log schemeless URLs instead.
+go get -x -d golang.org/x/text@v0.1.0
+stderr '^# get https://golang.org/x/text\?go-get=1$'
+stderr '^# get https://golang.org/x/text\?go-get=1: 200 OK \([0-9.]+s\)$'
+! stderr '^# get //.*'