Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sensitive information can be logged #283

Open
briantoms opened this issue May 18, 2022 · 1 comment · May be fixed by #293
Open

Sensitive information can be logged #283

briantoms opened this issue May 18, 2022 · 1 comment · May be fixed by #293
Assignees
@dmytro-pavliuk
Labels
bug Something isn't working P4 A defect that can be easily worked around, or is cosmetic in nature size/M

Comments

@briantoms
Copy link
Contributor

Describe the bug

When using the UserSetPasswordStrategy to set a user's password, the newly-set password is shown in the trace-level logs.

Steps to Reproduce

Check the log output after setting a user's password.

Relativity.Testing.Framework Version

7.2.1

Relativity.Testing.Framework.API Version

6.1.4

Relativity environment installation Type

Relativity Server

Environment version

N/A

Test Case

No response

Expected Behavior

Passwords are redacted from the logs.

Actual Behavior

Passwords are included in the logs.

Screenshots

No response

Additional Context

No response
@briantoms briantoms added bug Something isn't working untriaged Needs to be reviewed by a maintainer and assigned a priority. labels May 18, 2022
@briantoms
Copy link
Contributor Author

This would require changes to LoggingInterceptor in RTF to allow excluding particular parameters from tracing (possibly via an attribute), then UserSetPasswordStrategy in RTF.API would need to be updated to take advantage of that.

@briantoms briantoms added P4 A defect that can be easily worked around, or is cosmetic in nature size/M and removed untriaged Needs to be reviewed by a maintainer and assigned a priority. labels May 18, 2022
@dmytro-pavliuk dmytro-pavliuk self-assigned this Dec 6, 2022
@dmytro-pavliuk dmytro-pavliuk linked a pull request Dec 6, 2022 that will close this issue
283 Add do not logging attribute; Use new documentation url #293
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dmytro-pavliuk dmytro-pavliuk

Labels
bug Something isn't working P4 A defect that can be easily worked around, or is cosmetic in nature size/M
Projects
None yet
Milestone
No milestone
2 participants
@briantoms @dmytro-pavliuk