[GODRIVER-3062] Scram Authenticator will add password string to error message
Created: 28/Nov/23 | Updated: 07/Feb/24 | Resolved: 04/Jan/24 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | Authentication |
| Affects Version/s: | 1.9.1, 1.13.0 |
| Fix Version/s: | 1.13.2 |
| Type: | Bug | Priority: | Unknown |
| Reporter: | Matthew Hezzlewood | Assignee: | Qingyang Hu |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Documentation Changes: | Not Needed | ||||||||
| Documentation Changes Summary: | 1. What would you like to communicate to the user about this feature? |
||||||||
| Description |
Detailed steps to reproduce the problem?
You can reproduce the problem by adding an invalid character (`\n`) in the password.
The error you see is:
It looks like the culprit is this line
Definition of done: what must be done to consider the task complete?
The error containing the password is propagated all the way up to the calling consumer, who then doesn't want to have to scrub their logs of passwords and lose out on vital information on what is going wrong. I would leave in the error returned from `stringprep.SASLprep.Prepare(cred.Password)` but not add the password to the error string.
The exact Go version used, with patch level:
1.21.4
The exact version of the Go driver used:
v1.9.1 (problem still in latest)
Security Vulnerabilities
If you’ve identified a security vulnerability in a driver or any other MongoDB project, please report it according to the instructions here |
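The pattern reported above and the requested fix, side by side, as an added example that is not the Go driver's code. `prepare` is a simplified stand-in for `stringprep.SASLprep.Prepare`, and `prepLeaky`, `prepSafe`, `leaksSecret` and the sample password are hypothetical names and constructed values; `leaksSecret` is the kind of regression check that catches the secret in either raw or `%q`-escaped form.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
)

var errProhibited = errors.New("prohibited character") // stand-in for the SASLprep error

// prepare is a stand-in for stringprep.SASLprep.Prepare; it only rejects control characters.
func prepare(s string) (string, error) {
	if strings.IndexFunc(s, unicode.IsControl) >= 0 {
		return "", errProhibited
	}
	return s, nil
}

// prepLeaky shows the reported pattern: the secret is formatted into the error message.
func prepLeaky(password string) (string, error) {
	p, err := prepare(password)
	if err != nil {
		err = fmt.Errorf("error SASLprepping password %q: %w", password, err)
	}
	return p, err
}

// prepSafe keeps the underlying cause (still matchable with errors.Is) but omits the value.
func prepSafe(password string) (string, error) {
	p, err := prepare(password)
	if err != nil {
		err = fmt.Errorf("error SASLprepping password: %w", err)
	}
	return p, err
}

// leaksSecret reports whether msg contains secret, either raw or in %q-escaped form.
func leaksSecret(msg, secret string) bool {
	quoted := fmt.Sprintf("%q", secret)
	return secret != "" && (strings.Contains(msg, secret) || strings.Contains(msg, quoted[1:len(quoted)-1]))
}

func main() {
	const pw = "hunter2\nconstructed" // constructed sample, not a real credential
	_, leaky := prepLeaky(pw)
	_, safe := prepSafe(pw)
	fmt.Println(leaksSecret(leaky.Error(), pw), leaksSecret(safe.Error(), pw), errors.Is(safe, errProhibited))
}
```

A plain substring search for the raw password misses the leaky message here, because `%q` turns the newline into a backslash escape; checking the escaped form as well is what makes the test reliable.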
| Comments |
| Comment by Githook User [ 07/Feb/24 ] |
|
Author: {'name': 'Qingyang Hu', 'email': '103950869+qingyang-hu@users.noreply.github.com', 'username': 'qingyang-hu'}
Message: |
| Comment by Githook User [ 04/Jan/24 ] |
|
Author: {'name': 'Qingyang Hu', 'email': '103950869+qingyang-hu@users.noreply.github.com', 'username': 'qingyang-hu'}
Message: |
| Comment by PM Bot [ 28/Nov/23 ] |
|
Hi mhezzlewood@slb.com, thank you for reporting this issue! The team will look into it and get back to you soon. |