Go-Gitea
/
gitea
mirror of https://github.com/go-gitea/gitea.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gitea/modules/indexer/code
History
Giteabot 6de2151607
Fixing issue #35530: Password Leak in Log Messages (#35584) (#35609) 
Backport #35584 by @shashank-netapp

# Summary
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
 		2025-10-09 11:00:40 +02:00
..
bleve Move git command to git/gitcmd (#35483) 2025-09-15 23:33:12 -07:00
elasticsearch Move git command to git/gitcmd (#35483) 2025-09-15 23:33:12 -07:00
gitgrep enable staticcheck QFxxxx rules (#34064) 2025-03-29 17:32:28 -04:00
internal Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
git.go Move git command to git/gitcmd (#35483) 2025-09-15 23:33:12 -07:00
indexer.go Fixing issue #35530: Password Leak in Log Messages (#35584) (#35609) 2025-10-09 11:00:40 +02:00
indexer_test.go Fix various typos in codebase (#35480) 2025-09-13 10:34:43 -04:00
search.go Run `gopls modernize` on codebase (#34751) 2025-06-18 01:48:09 +00:00