Password may not be obscured by inspect if it contains meta-characters #421
Comments
|
If an empty password is set using ldap.auth, the inspect output is currently unreadable, as gsub matches most of the inspected output |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The LDAP::inspect method uses gsub to obscure the password:
ruby-net-ldap/lib/net/ldap.rb
Line 1290 in 7f060e1
This works in most cases; however if the password contains certain meta-characters, replacement can fail. For example, using
password = "abcd\efgh"
will cause the replacement to fail. I think this is because the inspect output for such passwords is different from the original.
The following code works better, though it does also replace the enclosing double-quotes:
inspected.gsub! @auth[:password].inspect, "*******" if @auth[:password]
There is a further issue: if the password should happen to match another part of the inspect output, that will also be replaced. This is not particularly likely, however it would be good to fix it.
Maybe consider cloning the instance and zapping the password before passing it to inspect.
That would keep the enclosing quotes.
The text was updated successfully, but these errors were encountered: