Username in TestRun log
carlospzurita opened this issue · 2 comments
Description
On the execution of service ETS, if Basic HTTP authentication is used, the credentials appear on the TestRun log in plain text, under the keys 'username' and 'authUser'.
Log snippet with fake information
Operating systems and browser
- Tested in http://staging-inspire-validator.eu-west-1.elasticbeanstalk.com/etf-webapp
- Under Ubuntu 18.04. Firefox Browser 74.0 (64-bit)
Steps to Reproduce
- Select WMS TestSuite
- Select 'Credentials' and enter useranema and password
- Include service endpoint HTTP
- Start test run and monitor log
- In 'Project properties', look for keys 'username' and 'authUser'
Expected behavior:
Credentials should be omitted from TestRun log
Actual behavior:
Credentials appear in plain text
Credentials should be omitted from TestRun log
I only see the username without the password and by definition only a part of the credentials. So it is useless without the password. I don't see that this is an high priority security issue, but you are welcome to implement a configuration option, so that the username is not shown.
Yes you are right, the password is not shown. However we are going to include a configuration for this and modify the Test Driver to not log the username.