yel/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-27 05:55:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
main
gitea/modules/indexer/code
History
shashank-netapp 03fce8f3d0
Some checks failed
release-nightly / nightly-binary (push) Has been cancelled
Details
release-nightly / nightly-docker-rootful (push) Has been cancelled
Details
release-nightly / nightly-docker-rootless (push) Has been cancelled
Details
Fixing issue #35530: Password Leak in Log Messages (#35584) 
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-07 09:26:47 -07:00
..
bleve Move some functions to gitrepo package (#35543) 2025-10-07 17:06:51 +08:00
elasticsearch Move some functions to gitrepo package (#35543) 2025-10-07 17:06:51 +08:00
gitgrep enable staticcheck QFxxxx rules (#34064) 2025-03-29 17:32:28 -04:00
internal Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
git.go Move some functions to gitrepo package (#35543) 2025-10-07 17:06:51 +08:00
indexer_test.go Fix various typos in codebase (#35480) 2025-09-13 10:34:43 -04:00
indexer.go Fixing issue #35530: Password Leak in Log Messages (#35584) 2025-10-07 09:26:47 -07:00
search.go Run gopls modernize on codebase (#34751) 2025-06-18 01:48:09 +00:00