Add password masking in __repr__

mbaas038 · mbaas038 · commit 80e0f97511ef · 2026-02-16T09:27:16.000+01:00
diff --git a/CHANGES/1629.feature.rst b/CHANGES/1629.feature.rst
@@ -0,0 +1,2 @@
+Mask the password component in ``yarl.URL.__repr__`` to prevent accidental credential exposure in logs and debug
+output -- by :user:`mbaas038` and :user:`jhbuhrman`.
diff --git a/tests/test_url.py b/tests/test_url.py
@@ -57,13 +57,13 @@ def test_url_is_not_str() -> None:
 
 
 def test_str() -> None:
-    url = URL("http://example.com:8888/path/to?a=1&b=2")
-    assert str(url) == "http://example.com:8888/path/to?a=1&b=2"
+    url = URL("http://user:password@example.com:8888/path/to?a=1&b=2")
+    assert str(url) == "http://user:password@example.com:8888/path/to?a=1&b=2"
 
 
 def test_repr() -> None:
-    url = URL("http://example.com")
-    assert "URL('http://example.com')" == repr(url)
+    url = URL("http://user:password@example.com")
+    assert "URL('http://user:********@example.com')" == repr(url)
 
 
 def test_origin() -> None:
diff --git a/yarl/_parse.py b/yarl/_parse.py
@@ -161,6 +161,7 @@ def make_netloc(
     host: str | None,
     port: int | None,
     encode: bool = False,
+    mask_password: bool = False,
 ) -> str:
     """Make netloc from parts.
 
@@ -176,6 +177,8 @@ def make_netloc(
     if user is None and password is None:
         return ret
     if password is not None:
+        if mask_password:
+            password = "********"
         if not user:
             user = ""
         elif encode:
diff --git a/yarl/_url.py b/yarl/_url.py
@@ -491,24 +491,30 @@ def build(
     def __init_subclass__(cls) -> NoReturn:
         raise TypeError(f"Inheriting a class {cls!r} from URL is forbidden")
 
-    def __str__(self) -> str:
+    def _make_string(self, mask_password: bool = False) -> str:
         if not self._path and self._netloc and (self._query or self._fragment):
             path = "/"
         else:
             path = self._path
-        if (port := self.explicit_port) is not None and port == DEFAULT_PORTS.get(
-            self._scheme
-        ):
+        if (
+            (port := self.explicit_port) is not None
+            and port == DEFAULT_PORTS.get(self._scheme)
+        ) or mask_password:
             # port normalization - using None for default ports to remove from rendering
             # https://datatracker.ietf.org/doc/html/rfc3986.html#section-6.2.3
             host = self.host_subcomponent
-            netloc = make_netloc(self.raw_user, self.raw_password, host, None)
+            netloc = make_netloc(
+                self.raw_user, self.raw_password, host, None, mask_password=True
+            )
         else:
             netloc = self._netloc
         return unsplit_result(self._scheme, netloc, path, self._query, self._fragment)
 
+    def __str__(self) -> str:
+        return self._make_string(mask_password=False)
+
     def __repr__(self) -> str:
-        return f"{self.__class__.__name__}('{str(self)}')"
+        return f"{self.__class__.__name__}('{self._make_string(mask_password=True)}')"
 
     def __bytes__(self) -> bytes:
         return str(self).encode("ascii")

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Mask the password component in ``yarl.URL.__repr__`` to prevent accidental credential exposure in logs and debug
	`2`	+output -- by :user:`mbaas038` and :user:`jhbuhrman`.