We recently fixed an issue in COREAPP-74: "Tokens are being logged in gitserver error messages", where we were logging secrets in clone URLs. We have fixed the issue, but this does not guarantee that it will not happen again or is not already happening in another place of the codebase.
We need to audit all existing places where we might be dumping the clone URL with the secret token.
And we need to implement a new Error type which takes care of redacting the secrets from the clone URL. The following methods should be implemented:
Error: This should redact the token.
String: This should ensure that printing the error does not reveal the token. Maybe it should just call the Error method.
This error type should be used for all git operations where the clone URL is used and an error is being logged or returned.
Paired with Joe Chen to spec this issue out.
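A minimal sketch of such an error type, added here as an illustration and not taken from the codebase. The names `CloneURLError` and `NewCloneURLError`, the field layout and the sample URL are assumptions. It redacts at construction time so that the raw URL is never stored, which also keeps `%#v` formatting from exposing the token.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// CloneURLError is a hypothetical type (name and fields are assumptions).
// It holds only redacted strings, so even %#v cannot print the token.
type CloneURLError struct {
	Op  string // git operation, e.g. "clone"
	URL string // clone URL with userinfo replaced
	Msg string // underlying error text with the secret scrubbed
}

func NewCloneURLError(op, cloneURL string, err error) *CloneURLError {
	redacted, secret := "<unparseable clone URL redacted>", ""
	// Discard the parse error: url.Parse errors quote the raw input.
	if u, perr := url.Parse(cloneURL); perr == nil && u.Host != "" {
		if u.User != nil {
			// The token may be the password or, with no password, the username.
			if p, ok := u.User.Password(); ok && p != "" {
				secret = p
			} else {
				secret = u.User.Username()
			}
			u.User = url.User("REDACTED")
		}
		redacted = u.String()
	}
	msg := ""
	if err != nil {
		// git often echoes the full URL in stderr, so scrub the message too.
		msg = strings.ReplaceAll(err.Error(), cloneURL, redacted)
		if secret != "" {
			msg = strings.ReplaceAll(msg, secret, "REDACTED")
		}
	}
	return &CloneURLError{Op: op, URL: redacted, Msg: msg}
}

func (e *CloneURLError) Error() string  { return fmt.Sprintf("git %s %s: %s", e.Op, e.URL, e.Msg) }
func (e *CloneURLError) String() string { return e.Error() }

func main() {
	raw := "https://x-access-token:tok-constructed-123@example.com/org/repo.git" // constructed sample
	fmt.Println(NewCloneURLError("clone", raw, fmt.Errorf("fatal: unable to access '%s/'", raw)))
}
```

Because the wrapped error is flattened to a scrubbed string, `errors.Is` and `errors.As` cannot reach the original error through this type; that is the trade-off for guaranteeing nothing unredacted can be unwrapped and logged.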