Fix #3485 (#3486)

* Fix #3485

Passing username/pass in the node URI directly bleeds into DebugInformation.

If you use BasicAuthentication(username, password) on ConnectionSettings which is the recomended route

this does not happen.

* fix tabs in DebugInformation.doc.cs

* bad merge

(cherry picked from commit 7fc9ca0)

Author: Mpdreamz

src/Elasticsearch.Net/Responses/ResponseStatics.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 
@@ -49,10 +50,26 @@ public static void DebugAuditTrail(List<Audit> auditTrail, StringBuilder sb)
 			{
 				var audit = a.a;
 				sb.Append($" - [{a.i + 1}] {audit.Event.GetStringValue()}:");
-				if (audit.Node?.Uri != null) sb.Append($" Node: {audit.Node.Uri}");
+
+				AuditNodeUrl(sb, audit);
+
 				if (audit.Exception != null) sb.Append($" Exception: {audit.Exception.GetType().Name}");
 				sb.AppendLine($" Took: {(audit.Ended - audit.Started).ToString()}");
 			}
 		}
+
+		private static void AuditNodeUrl(StringBuilder sb, Audit audit)
+		{
+			var uri = audit.Node?.Uri;
+			if (uri == null) return;
+
+			if (!string.IsNullOrEmpty(uri.UserInfo))
+			{
+				var builder = new UriBuilder(uri);
+				builder.Password = "redacted";
+				uri = builder.Uri;
+			}
+			sb.Append($" Node: {uri}");
+		}
 	}
 }

src/Tests/Tests/ClientConcepts/Troubleshooting/DebugInformation.doc.cs

@@ -9,6 +9,7 @@
 using FluentAssertions;
 using Nest;
 using Tests.Core.Client;
+using Tests.Core.Client.Settings;
 using Tests.Core.ManagedElasticsearch.Clusters;
 using Tests.Domain;
 using Tests.Framework;
@@ -28,8 +29,7 @@ public class DebugInformation : IntegrationDocumentationTestBase, IClusterFixtur
 	{
 		public DebugInformation(ReadOnlyCluster cluster) : base(cluster) {}
 
-		[I]
-		public void DefaultDebug()
+		[I] public void DefaultDebug()
 		{
 			// hide
 			var client = this.Client;
@@ -42,6 +42,41 @@ public void DefaultDebug()
 
 			response.DebugInformation.Should().Contain("Valid NEST response");
 		}
+		//hide
+		[U] public void PasswordIsNotExposedInDebugInformation()
+		{
+			// hide
+			var client = new ElasticClient(new AlwaysInMemoryConnectionSettings()
+				.DefaultIndex("index")
+				.BasicAuthentication("user1", "pass2")
+			);
+
+			var response = client.Search<Project>(s => s
+				.Query(q => q
+					.MatchAll()
+				)
+			);
+
+			response.DebugInformation.Should().NotContain("pass2");
+		}
+
+		//hide
+		[U] public void PasswordIsNotExposedInDebugInformationWhenPartOfUrl()
+		{
+			// hide
+			var pool = new SingleNodeConnectionPool(new Uri("http://user1:pass2@localhost:9200"));
+			var client = new ElasticClient(new ConnectionSettings(pool, new InMemoryConnection())
+				.DefaultIndex("index")
+			);
+
+			var response = client.Search<Project>(s => s
+				.Query(q => q
+					.MatchAll()
+				)
+			);
+
+			response.DebugInformation.Should().NotContain("pass2");
+		}
 		/**
 		 * This can be useful in tracking down numerous problems and can also be useful when filing an
 		 * {github}/issues[issue] on our github repository.