search

marss / aiortsp

An Asyncio-based RTSP library
GNU Lesser General Public License v3.0
46 stars 9 forks source link

Password leaked into logs #14

Closed eikowagenknecht closed 1 year ago

eikowagenknecht commented 1 year ago

Describe the bug

Using this as part of the HomeAssistant Eufy integration. Since I quite often check my logs and sometimes make them public (i.e. GitHub Issues), I noticed that this integration leaks passwords when they are contained in the URL of a stream, e.g.

...[aiortsp.rtsp.reader] try loading stream rtspt://user12345:password12345@192.168.40.85/live4

Expected behavior

It would be best practice to redact at least the password part of the url to avoid unknowingly leaking them to the logs.

See https://github.com/fuatakgun/eufy_security/issues/900

RouquinBlanc commented 1 year ago

Hi, I have created #15 for fixing this, could you check if it solves your issue entirely? I scanned through the different logs and it seems to be the only place left.

If that's fine with you I will merge and release a 1.3.7 version

eikowagenknecht commented 1 year ago

Looks good to me, thank you for fixing this so super fast!