From 0872b5193ac65cb3d88bcde73963826931a4d45a Mon Sep 17 00:00:00 2001
From: Roberto Polli
Date: Wed, 12 May 2021 11:02:38 +0200
Subject: [PATCH 1/2] Don't disclose empty passwords. Empty passwords can be associated with access tokens. Avoid disclosing them.
---
src/pip/_internal/utils/misc.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
index 26037dbdcbb..2a81b6b8f31 100644
--- a/src/pip/_internal/utils/misc.py
+++ b/src/pip/_internal/utils/misc.py
@@ -629,12 +629,13 @@ def redact_netloc(netloc): For example: - "user:pass@example.com" returns "user:****@example.com" + - "user:@example.com" returns "****@example.com" - "accesstoken@example.com" returns "****@example.com" """ netloc, (user, password) = split_auth_from_netloc(netloc) if user is None: return netloc - if password is None: + if not password: user = "****" password = "" else:
From 7222bb2a10a7c135a4b34a5c7a1f3549f5b72661 Mon Sep 17 00:00:00 2001
From: Roberto Polli
Date: Wed, 12 May 2021 11:15:12 +0200
Subject: [PATCH 2/2] Create 9973.bugfix.rst
---
news/9973.bugfix.rst | 1 +
1 file changed, 1 insertion(+)
create mode 100644 news/9973.bugfix.rst
diff --git a/news/9973.bugfix.rst b/news/9973.bugfix.rst
new file mode 100644
index 00000000000..54309a3014b
--- /dev/null
+++ b/news/9973.bugfix.rst
@@ -0,0 +1 @@
+Mask the user when the password is empty.
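Review bot: No regression test accompanies the new `if not password:` branch in redact_netloc; the diffstats of both patches touch only misc.py and the news fragment. A case such as `assert redact_netloc("user:@example.com") == "****@example.com"`, taken from the docstring line this hunk adds, would pin the masking, so that a later change back to `is None` cannot put a token carried in the username back into logged URLs. The falsy check also deserves a one-line comment, for example `# "user:" with an empty password usually means the username is a token; mask it like the no-password case`. The else branch and the return of redact_netloc lie outside the hunk, so how a non-empty password is rendered is not visible here.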