yel/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-27 05:55:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
main
gitea/modules/indexer
History
shashank-netapp 03fce8f3d0
Some checks failed
release-nightly / nightly-binary (push) Has been cancelled
Details
release-nightly / nightly-docker-rootful (push) Has been cancelled
Details
release-nightly / nightly-docker-rootless (push) Has been cancelled
Details
Fixing issue #35530: Password Leak in Log Messages (#35584) 
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-07 09:26:47 -07:00
..
code Fixing issue #35530: Password Leak in Log Messages (#35584) 2025-10-07 09:26:47 -07:00
internal Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
issues Fixing issue #35530: Password Leak in Log Messages (#35584) 2025-10-07 09:26:47 -07:00
stats Remove incorrect "db.DefaultContext" usages (#35366) 2025-08-28 03:52:43 +00:00
indexer.go Improve issue & code search (#33860) 2025-03-13 11:07:48 +08:00