go-telegram-bot-api / telegram-bot-api

Golang bindings for the Telegram Bot API
https://go-telegram-bot-api.dev
MIT License

This can cause the bot's token to be compromised #628

Open pillarion opened 1 year ago

pillarion commented 1 year ago

Description

// GetUpdatesChan starts and returns a channel for getting updates.
func (bot *BotAPI) GetUpdatesChan(config UpdateConfig) UpdatesChannel
...
            updates, err := bot.GetUpdates(config)
            if err != nil {
                log.Println(err)
                log.Println("Failed to get updates, retrying in 3 seconds...")
                time.Sleep(time.Second * 3)

                continue
            }
...

The line log.Println(err) puts the bot's token into the log. This can cause the token to be compromised.

Example log:

2023/01/26 17:15:22 Post "https://api.telegram.org/bot<full_bot_token>/getUpdates": read tcp <ip>:<port>-><ip>:<port>: read: connection reset by peer
2023/01/26 17:15:22 Failed to get updates, retrying in 3 seconds...

Affected Modules, Packages, Versions and Symbols

Module: github.com/example/module
github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
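
A mitigation sketch for the leak reported above, added here as an example and not part of the issue or of the library's code: a log writer that masks the `/bot<token>/` path segment before the line is written, so the token stays out of the log even when the `log.Println(err)` call is in code you do not control. `RedactWriter`, `SampleErr` and `Logged` are hypothetical names, the token is a constructed placeholder, and the sketch assumes the log output passes through a `*log.Logger` whose destination writer you can set.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"log"
	"net/url"
	"os"
	"regexp"
)

// botPathRe matches the "/bot<token>/" path segment of a Bot API URL.
// It is deliberately broad: any "/bot.../" segment in a log line is masked.
var botPathRe = regexp.MustCompile(`/bot[^/\s"]+/`)

// RedactWriter rewrites every log line before it reaches dst, so the token is
// masked even when the logging call sits in code you do not control.
type RedactWriter struct{ dst io.Writer }

func (w RedactWriter) Write(p []byte) (int, error) {
	if _, err := w.dst.Write(botPathRe.ReplaceAll(p, []byte("/bot<redacted>/"))); err != nil {
		return 0, err
	}
	return len(p), nil // report the caller's byte count, not the rewritten one
}

// SampleErr builds an error shaped like the one in the issue's example log.
// The token is a constructed placeholder, not a real one.
func SampleErr() error {
	return fmt.Errorf("poll: %w", &url.Error{
		Op:  "Post",
		URL: "https://api.telegram.org/bot123456:CONSTRUCTED-TOKEN/getUpdates",
		Err: errors.New("read: connection reset by peer"),
	})
}

// Logged returns what a logger writing through RedactWriter emits for err.
func Logged(err error) string {
	var buf bytes.Buffer
	log.New(RedactWriter{&buf}, "", 0).Println(err)
	return buf.String()
}

func main() {
	log.SetOutput(RedactWriter{os.Stderr}) // route the standard logger through the filter
	log.Println(SampleErr())
}
```

The filter relies on `log.Logger` issuing one `Write` per message, which keeps the whole URL inside a single buffer for the regular expression to see.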
apophatique commented 5 months ago

How to fix error "read: connection reset by peer"? @pillarion