search

EMCECS / ecs-sync

ecs-sync is a bulk copy utility that can move data between various systems in parallel
Apache License 2.0
61 stars 22 forks source link

Verbose log level leaks sensitive information #32

Closed MarkRx closed 2 years ago

MarkRx commented 6 years ago

If the generated URI for a source/target has credentials in it they will be printed in the log if verbose logging is on.

Line in question: https://github.com/EMCECS/ecs-sync/blob/master/src/main/java/com/emc/ecs/sync/EcsSync.java#L293

The sensitive information should be masked.

twincitiesguy commented 2 years ago

Sensitive info scrubbing in the logs was added to 3.5.0. If we missed something, please let us know.