Remove Passwords from Debug #29

Closed
adorton-adobe opened this issue Jul 15, 2021 · 1 comment · Fixed by #35

@adorton-adobe
Contributor

Description
When running at log level debug, the SSL cert and proxy passwords are printed. We should not print these items to the log.

Steps to reproduce

  • Set log level to debug
  • Run proxy in start mode
  • Observe the output:
[2021-07-15][12:12:43][frl_proxy][DEBUG] conf: Settings { proxy: Proxy { mode: Passthrough, host: "0.0.0.0", port: "8080", ssl_port: "8443", remote_host: "https://lcs-cops-stage.adobe.io", ssl: true }, ssl: Ssl { cert_path: "proxy-cert.pfx", cert_password: "frl-proxy.brotsky.net" }, logging: Logging { level: Debug, destination: Console, file_path: "proxy-log.log" }, cache: Cache { db_path: "proxy-cache.sqlite" }, network: Network { use_proxy: true, proxy_host: "127.0.0.1", proxy_port: "8888", use_basic_auth: false, proxy_username: "", proxy_password: "" } }

Expected behavior
Sensitive fields should be omitted or redacted (e.g. replace contents with xxxx).

Environment

  • frl-proxy version: 1.0.1
  • OS type and version: Windows 10
  • Any other relevant info: n/a
@adorton-adobe adorton-adobe added the bug Something isn't working label Jul 15, 2021
@adorton-adobe adorton-adobe self-assigned this Jul 15, 2021
@adobeDan adobeDan assigned adobeDan and unassigned adorton-adobe Dec 4, 2021
@adobeDan
Contributor

adobeDan commented Dec 4, 2021

Took this from @adorton-adobe since I'm doing a bunch of other fixes and it's easy to knock this one off as well.

Note: since this bug was introduced, we added a second password (for the upstream proxy), and we had the same problem with logging of that password. I will fix both instances.

clickonetwo pushed a commit to clickonetwo/adobe-desktop-licensing-utilities that referenced this issue Mar 20, 2022
Applies both to the certificate password and to the proxy password.

The simplest fix for this, since it just needs to fix logging, is to re-implement the Debug trait on the relevant settings structures (rather than using the derived trait).  If we weren't serializing these passwords to and from the config file on disk, it might be worth using a crate such as secrecy.  But that is overkill for this problem.

Fixes adobe/frl-online-proxy#29.
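
The approach named in the commit message, a hand-written `Debug` implementation in place of the derived one, sketched as an added example (not the project's actual code). Struct and field names follow the debug output quoted in the issue; the field types, the reduced `Network` field set, the `mask` helper and the `[REDACTED]` marker are assumptions.

```rust
use std::fmt;

// Return a marker instead of the secret; an unset (empty) value stays visibly empty.
fn mask(secret: &str) -> &'static str {
    if secret.is_empty() { "" } else { "[REDACTED]" }
}

// Field names mirror the debug output in the issue; the field types are assumed.
pub struct Ssl { pub cert_path: String, pub cert_password: String }

impl fmt::Debug for Ssl {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Ssl")
            .field("cert_path", &self.cert_path)
            .field("cert_password", &mask(&self.cert_password))
            .finish()
    }
}

pub struct Network { // subset of the fields shown in the issue
    pub use_basic_auth: bool,
    pub proxy_username: String,
    pub proxy_password: String,
}

impl fmt::Debug for Network {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Network")
            .field("use_basic_auth", &self.use_basic_auth)
            .field("proxy_username", &self.proxy_username)
            .field("proxy_password", &mask(&self.proxy_password))
            .finish()
    }
}

// The parent keeps the derived impl, which delegates to the manual impls above.
#[derive(Debug)]
pub struct Settings { pub ssl: Ssl, pub network: Network }

// Constructed sample values, not real credentials.
pub fn sample() -> Settings {
    Settings {
        ssl: Ssl { cert_path: "proxy-cert.pfx".into(), cert_password: "sample-cert-pw".into() },
        network: Network { use_basic_auth: true, proxy_username: "svc".into(), proxy_password: "".into() },
    }
}

fn main() {
    println!("{:?}", sample());
}
```

Because the redaction lives in the `Debug` impl of the struct that owns the secret, every `{:?}` or `{:#?}` of a containing value is covered, while serialization of the config file is unaffected.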