Skip to content

Remove full DSNs from exception messages #49072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 23, 2023
Merged

Remove full DSNs from exception messages #49072

merged 1 commit into from
Jan 23, 2023

Conversation

nicolas-grekas
Copy link
Member

@nicolas-grekas nicolas-grekas commented Jan 23, 2023
edited
Loading

Q A
Branch? 6.3
Bug fix? no
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

Follow up of #49065

We should be careful when reviewing notifier bridges, to ensure that transports' __toString() don't embed any secrets. /cc @OskarStark

@carsonbot carsonbot added this to the 6.3 milestone Jan 23, 2023
@nicolas-grekas
Copy link
Member Author

/cc @NicolasCARPi also FYI since we discussed about that privately.

@nicolas-grekas nicolas-grekas merged commit 290d5e5 into symfony:6.3 Jan 23, 2023
@nicolas-grekas nicolas-grekas deleted the dsn-no-log branch January 23, 2023 14:51
@NicolasCARPi
Copy link

Thanks everyone 👍 :)

alexislefebvre
alexislefebvre reviewed Jan 23, 2023
View reviewed changes
src/Symfony/Component/Cache/Traits/RedisTrait.php
}

if ($params['redis_cluster'] && isset($params['redis_sentinel'])) {
throw new InvalidArgumentException(sprintf('Cannot use both "redis_cluster" and "redis_sentinel" at the same time: "%s".', $dsn));
throw new InvalidArgumentException('Cannot use both "redis_cluster" and "redis_sentinel" at the same time.');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

: has been changed to ., it looks like it breaks some tests: https://github.com/symfony/symfony/actions/runs/3988999209/jobs/6840883282#step:11:78

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's fix this in GH-49080

@OskarStark
Copy link
Contributor

I agree

@nicolas-grekas nicolas-grekas mentioned this pull request Nov 3, 2023
Merged
fabpot added a commit that referenced this pull request Nov 3, 2023
@fabpot
bug #52444 Remove full DSNs from exception messages (nicolas-grekas)
58353d1 
This PR was merged into the 5.4 branch.

Discussion
----------

Remove full DSNs from exception messages

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | -
| License       | MIT

Backporting #49072 to 5.4 as a security-hardening measure.

Commits
-------

14e2f67 Remove full DSNs from exception messages
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexislefebvre alexislefebvre alexislefebvre left review comments

@fancyweb fancyweb fancyweb left review comments

@OskarStark OskarStark Awaiting requested review from OskarStark OskarStark is a code owner

@jderusse jderusse Awaiting requested review from jderusse jderusse is a code owner

Assignees
No one assigned
Labels
Status: Needs Review
Projects
None yet
Milestone
6.3
Development

Successfully merging this pull request may close these issues.
6 participants
@nicolas-grekas @NicolasCARPi @OskarStark @alexislefebvre @fancyweb @carsonbot