Consider redacting password included in jump-connect exception
buenoguilherme opened this issue · 1 comments
buenoguilherme commented
If an error occurs during connection, the exception thrown includes the entire hosts
list, which in turn may have passwords and those passwords will be present in the stacktrace.
    (fn [e s]
      (throw
       (ex-info
        (str "Failed to connect "
             (.getUserName s) "@"
             (.getHost s) ":"
             (.getPort s)
             " " (pr-str (into [] (.getIdentityNames agent)))
             " " (pr-str hosts))
        {:hosts hosts}
        e)))
The password could be removed from the exception message and data.
tiagomlalves commented
@buenoguilherme Did you consider just sanitizing the password instead of removing it? Or in other words, isn't it important to distinguish cases where a password is set from when a password is not set at all?
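A sketch of the sanitizing approach discussed in this thread, added here as an example and not taken from the project's code: secret values are replaced with a marker before the hosts reach the exception message or data, so a set password stays distinguishable from an absent one. The host map shape, the `:password` and `:passphrase` keys, and the function names are assumptions.

```clojure
(ns example.redact)

;; Assumption: each host is a map and secrets live under these keys.
(def secret-keys #{:password :passphrase})

(defn redact-host
  "Replace secret values with a marker. The key is kept when a value was
  set and stays absent when it was not, so the two cases remain visible."
  [host]
  (reduce (fn [h k]
            (if (some? (get h k))
              (assoc h k "<redacted>")
              h))
          host
          secret-keys))

(defn redact-hosts [hosts]
  (mapv redact-host hosts))

(defn connect-failure
  "Build the ex-info with redacted hosts in both the message and the data."
  [user host port hosts cause]
  (let [safe (redact-hosts hosts)]
    (ex-info (str "Failed to connect " user "@" host ":" port
                  " " (pr-str safe))
             {:hosts safe}
             cause)))

;; Constructed sample input: one host with a password, one without.
(def sample-hosts
  [{:hostname "bastion.example.test" :username "ops" :password "s3cret"}
   {:hostname "db.example.test" :username "ops"}])

(let [e (connect-failure "ops" "bastion.example.test" 22 sample-hosts
                         (Exception. "timeout"))]
  ;; The secret appears neither in the message nor in the ex-data.
  (assert (not (re-find #"s3cret" (ex-message e))))
  (assert (= "<redacted>" (get-in (ex-data e) [:hosts 0 :password])))
  ;; A host that never had a password still has no :password key.
  (assert (not (contains? (get-in (ex-data e) [:hosts 1]) :password)))
  (println (ex-message e)))
```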