Redact login and password when printing out internal hash values (#274)

* Redact login and password when printing out internal hash values * Remove from debug message in geturl() parameters sent as part of a URL * Update comment with password redaction Making it clearer that all parameters are redacted, not just password related ones. Co-authored-by: DaveSophoServices <dave@sophoservices.com>
2021-05-11 21:26:02 -04:00 · 2021-05-11 21:26:02 -04:00 · b84f2334e4
commit b84f2334e4
parent 7fea824ec1
1 changed files with 7 additions and 2 deletions
--- a/ddclient.in
+++ b/ddclient.in
@ -1893,7 +1893,12 @@ sub _print_hash {
        $value = "<undefined>";
    } elsif (ref $ptr eq 'HASH') {
        foreach my $key (sort keys %$ptr) {
-            _print_hash("${string}\{$key\}", $ptr->{$key});
+            if (($key eq "login") || ($key eq "password")) {
+               $value = "<redacted>";
+            } else {
+                $value = $ptr->{$key};
+            }
+            _print_hash("${string}\{$key\}", $value);
        }
        return;
    }
@ -2336,7 +2341,7 @@ sub fetch_via_socket_io {
    debug("proxy    = %s", $proxy // '<undefined>');
    debug("protocol = %s", $use_ssl ? "https" : "http");
    debug("server   = %s", $server);
-    (my $_url = $url) =~ s%\?.*%?<redacted>%; #redact possible credentials
+    (my $_url = $url) =~ s%\?.*%?<redacted>%; #redact ALL parameters passed on URL, including possible passwords
    debug("url      = %s", $_url);
    debug("ip ver   = %s", $ipversion);