From b84f2334e43c15f5829dbca5f25e6d574010d467 Mon Sep 17 00:00:00 2001
From: David Kerr <david@kerr.net>
Date: Tue, 11 May 2021 21:26:02 -0400
Subject: [PATCH] Redact login and password when printing out internal hash
 values (#274)

* Redact login and password when printing out internal hash values

* Remove from debug message in geturl()  parameters sent as part of a URL

* Update comment with password redaction

Making it clearer that all parameters are redacted, not just password related ones.

Co-authored-by: DaveSophoServices <dave@sophoservices.com>
---
 ddclient.in | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ddclient.in b/ddclient.in
index 8344e44..c47a538 100755
--- a/ddclient.in
+++ b/ddclient.in
@@ -1893,7 +1893,12 @@ sub _print_hash {
         $value = "<undefined>";
     } elsif (ref $ptr eq 'HASH') {
         foreach my $key (sort keys %$ptr) {
-            _print_hash("${string}\{$key\}", $ptr->{$key});
+            if (($key eq "login") || ($key eq "password")) {
+               $value = "<redacted>";
+            } else {
+                $value = $ptr->{$key};
+            }
+            _print_hash("${string}\{$key\}", $value);
         }
         return;
     }
@@ -2336,7 +2341,7 @@ sub fetch_via_socket_io {
     debug("proxy    = %s", $proxy // '<undefined>');
     debug("protocol = %s", $use_ssl ? "https" : "http");
     debug("server   = %s", $server);
-    (my $_url = $url) =~ s%\?.*%?<redacted>%; #redact possible credentials
+    (my $_url = $url) =~ s%\?.*%?<redacted>%; #redact ALL parameters passed on URL, including possible passwords
     debug("url      = %s", $_url);
     debug("ip ver   = %s", $ipversion);