Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic Auth is exposed in logs on authorization failure #192

Closed
ilawjr opened this issue Apr 3, 2020 · 0 comments · Fixed by #199
Closed

Basic Auth is exposed in logs on authorization failure #192

ilawjr opened this issue Apr 3, 2020 · 0 comments · Fixed by #199
Labels
bug
Milestone
v0.2.7

Comments

@ilawjr
Copy link

ilawjr commented Apr 3, 2020

Description:
When talaria submits a request with an incorrect basic auth, that auth is exposed in the logs. Basic auth should be hidden.
{"caller":"authorizationHandler.go:127","content-length":752,"level":"error","method":"POST","msg":"request denied","remoteAddress":"[redacted]","sat-client-id":"","token":"Basic [manually redacted]","ts":"2020-04-01T17:49:19.18400027Z","url":"[redacted]","user-agent":"Go-http-client/1.1","validator-error":null,"validator-response":false}

expected:
Basic auth would be obfuscated
@ilawjr ilawjr added the bug label Apr 3, 2020
@ilawjr ilawjr changed the title Auth is exposed in logs when it fails Basic Auth is exposed in logs on authorization failure Apr 3, 2020
@kristinapathak kristinapathak mentioned this issue Apr 20, 2020
Merged
@kristinapathak kristinapathak added this to the Unreleased milestone Apr 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v0.2.7
Development

Successfully merging a pull request may close this issue.

removed the use of certain logging package functions xmidt-org/caduceus
2 participants
@ilawjr @kristinapathak