[rubygems/rubygems] Using Gem::PrintableUri in Gem::Commands::InstallCommand class

The `x.source.uri` could be a source URI with a credential. Using `Gem::PrintableUri` to make sure we are redacting sensitive information from it.

https://github.com/rubygems/rubygems/commit/8755ee0aaa

lib/rubygems/commands/install_command.rb

@@ -5,6 +5,7 @@ require_relative '../dependency_installer'
 require_relative '../local_remote_options'
 require_relative '../validator'
 require_relative '../version_option'
+require_relative '../printable_uri'
 
 ##
 # Gem installer command line tool
@@ -260,7 +261,8 @@ You can use `i` command instead of `install`.
     errors.each do |x|
       return unless Gem::SourceFetchProblem === x
 
-      msg = "Unable to pull data from '#{x.source.uri}': #{x.error.message}"
+      printable_uri = Gem::PrintableUri.parse_uri(x.source.uri.clone)
+      msg = "Unable to pull data from '#{printable_uri}': #{x.error.message}"
 
       alert_warning msg
     end

test/rubygems/test_gem_commands_install_command.rb

@@ -1067,6 +1067,31 @@ ERROR:  Possible alternatives: non_existent_with_hint
     assert_equal x, e
   end
 
+  def test_redact_credentials_from_uri_on_warning
+    spec_fetcher do |fetcher|
+      fetcher.download 'a', 2
+    end
+
+    Gem.sources << "http://username:SECURE_TOKEN@nonexistent.example"
+
+    @cmd.options[:args] = %w[a]
+
+    use_ui @ui do
+      assert_raise Gem::MockGemUi::SystemExitException, @ui.error do
+        @cmd.execute
+      end
+    end
+
+    assert_equal %w[a-2], @cmd.installed_specs.map {|spec| spec.full_name }
+
+    assert_match "1 gem installed", @ui.output
+
+    e = @ui.error
+
+    x = "WARNING:  Unable to pull data from 'http://username:REDACTED@nonexistent.example': no data for http://username:REDACTED@nonexistent.example/specs.4.8.gz (http://username:REDACTED@nonexistent.example/specs.4.8.gz)\n"
+    assert_equal x, e
+  end
+
   def test_execute_uses_from_a_gemdeps
     spec_fetcher do |fetcher|
       fetcher.gem 'a', 2