sebbASF
commented
10 months ago If an empty password is set using ldap.auth, the inspect output is currently unreadable, as gsub matches most of the inspected output
Open sebbASF opened 11 months ago
sebbASF
commented
10 months ago If an empty password is set using ldap.auth, the inspect output is currently unreadable, as gsub matches most of the inspected output
The LDAP::inspect method uses gsub to obscure the password:
https://github.com/ruby-ldap/ruby-net-ldap/blob/7f060e1f3a02592b35c350082297f17d7eac73f1/lib/net/ldap.rb#L1290
This works in most cases; however if the password contains certain meta-characters, replacement can fail. For example, using
password = "abcd\efgh"
will cause the replacement to fail. I think this is because the inspect output for such passwords is different from the original.
The following code works better, though it does also replace the enclosing double-quotes:
inspected.gsub! @auth[:password].inspect, "***" if @auth[:password]
There is a further issue: if the password should happen to match another part of the inspect output, that will also be replaced. This is not particularly likely, however it would be good to fix it.
Maybe consider cloning the instance and zapping the password before passing it to inspect. That would keep the enclosing quotes.