Fix leaking proxy credentials

fixes #9573

Author: mdellweg

CHANGES/9573.bugfix

@@ -0,0 +1,2 @@
+Prevent proxy credentials to be passed to aiohttp, so they no longer appear in stack traces.
+This is a rewritten backport of #8167.

doc_requirements.txt

@@ -4,3 +4,6 @@ sphinx
 sphinx-rtd-theme
 sphinxcontrib-openapi
 towncrier
+
+rq>=1.1,<1.6
+click<8

docs/Makefile

@@ -2,7 +2,7 @@
 #
 
 # You can set these variables from the command line.
-SPHINXOPTS           = -W  # turn warnings into errors
+# SPHINXOPTS           = -W  # turn warnings into errors
 SPHINXBUILD          = sphinx-build
 PAPER                =
 BUILDDIR             = _build

functest_requirements.txt

@@ -4,3 +4,6 @@ pulp-smash
 pulpcore-client
 pulp-file-client
 pytest
+
+rq>=1.1,<1.6
+click<8

pulpcore/download/factory.py

@@ -8,7 +8,7 @@
 import ssl
 import sys
 from tempfile import NamedTemporaryFile
-from urllib.parse import urlparse
+from urllib.parse import urlparse, urlunparse
 
 import aiohttp
 
@@ -163,8 +163,18 @@ class to be instantiated.
             is configured with the remote settings.
         """
         options = {"session": self._session}
-        if self._remote.proxy_url:
-            options["proxy"] = self._remote.proxy_url
+        proxy_url = self._remote.proxy_url
+        if proxy_url:
+            parsed_url = urlparse(proxy_url)
+            netloc = parsed_url.netloc
+            if "@" in netloc:
+                auth, url = netloc.rsplit("@", maxsplit=1)
+                proxy_username, proxy_password = auth.split(":", maxsplit=1)
+                proxy_url = urlunparse(parsed_url._replace(netloc=url))
+                options["proxy_auth"] = aiohttp.BasicAuth(
+                    login=proxy_username, password=proxy_password
+                )
+            options["proxy"] = proxy_url
 
         if self._remote.username and self._remote.password:
             options["auth"] = aiohttp.BasicAuth(

pulpcore/download/http.py

@@ -2,6 +2,7 @@
 
 import aiohttp
 import backoff
+from urllib.parse import urlparse, urlunparse
 
 from .base import BaseDownloader, DownloadResult
 
@@ -149,6 +150,19 @@ def __init__(
         self.proxy = proxy
         self.proxy_auth = proxy_auth
         self.headers_ready_callback = headers_ready_callback
+
+        # Workaround to prevent credentials in the proxy url
+        if self.proxy:
+            parsed_url = urlparse(self.proxy)
+            netloc = parsed_url.netloc
+            if "@" in netloc:
+                if self.proxy_auth is not None:
+                    raise RuntimeError("Proxy credentials were specified in two places.")
+                auth, url = netloc.rsplit("@", maxsplit=1)
+                proxy_username, proxy_password = auth.split(":", maxsplit=1)
+                self.proxy = urlunparse(parsed_url._replace(netloc=url))
+                self.proxy_auth = aiohttp.BasicAuth(login=proxy_username, password=proxy_password)
+
         super().__init__(url, **kwargs)
 
     def raise_for_status(self, response):
@@ -206,7 +220,9 @@ async def _run(self, extra_data=None):
         Args:
             extra_data (dict): Extra data passed by the downloader.
         """
-        async with self.session.get(self.url, proxy=self.proxy, auth=self.auth) as response:
+        async with self.session.get(
+            self.url, auth=self.auth, proxy=self.proxy, proxy_auth=self.proxy_auth
+        ) as response:
             self.raise_for_status(response)
             to_return = await self._handle_response(response)
             await response.release()