From 38ecab3a4af8a5bba05ed1d65805bb219aa2464b Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Fri, 26 Apr 2024 15:20:45 +0700
Subject: [PATCH] Do not log Send/Receive passwords (#339)

Most code paths replaced the user's Send/Receive password with a string
of asterisks, but there was one code path where this was missed.
---
 src/LibChorus/VcsDrivers/Mercurial/HgRepository.cs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/LibChorus/VcsDrivers/Mercurial/HgRepository.cs b/src/LibChorus/VcsDrivers/Mercurial/HgRepository.cs
index 6e78f7e3..ddaffd6f 100644
--- a/src/LibChorus/VcsDrivers/Mercurial/HgRepository.cs
+++ b/src/LibChorus/VcsDrivers/Mercurial/HgRepository.cs
@@ -1071,13 +1071,18 @@ internal string RepositoryURIForLog(RepositoryAddress address)
 				// and it will appear later in the log.
 				if(address.URI.Contains(RepositoryAddress.ProjectNameVariable))
 				{
-					return address.GetPotentialRepoUri(Identifier,
+					return ServerSettingsModel.RemovePasswordForLog(address.GetPotentialRepoUri(Identifier,
 						Path.GetFileNameWithoutExtension(_pathToRepository) + Path.GetExtension(_pathToRepository),
-						_progress);
+						_progress));
 				}
 			}
 			catch { /* Don't throw trying to get extra information to log */ }
-			return address.URI;
+			try
+			{
+				return ServerSettingsModel.RemovePasswordForLog(address.URI);
+			}
+			catch { /* Really don't throw trying to get extra information to log */ }
+			return "(unknown error getting URI)";
 		}
 
 		/// <summary>