CLOUDNS: API error messages leak credentials #3124
Labels
Comments
|
Ping @pragmaton, the maintainer of the ClouDNS provider. |
hmoffatt
added a commit
to hmoffatt/dnscontrol
that referenced
this issue
Sep 24, 2024
hmoffatt
added a commit
to hmoffatt/dnscontrol
that referenced
this issue
Sep 24, 2024
|
I think the simplest change is not to print the URL - change is in the referenced PR. Otherwise a sanitized URL could be printed, if this is desired. |
tlimoncelli
pushed a commit
that referenced
this issue
Sep 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
If a CLOUDNS API error occurs, the credentials are leaked. This is because the credentials are passed in the query part of the URL, and the whole URL is printed in the error.
To Reproduce
Seen while debugging ClouDNS changes, but it would occur if you had the credentials wrong.
Expected behavior
Credentials should not be leaked in the error text.
DNS Provider
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: