Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Password may not be obscured by inspect if it contains meta-characters #421

Open
sebbASF opened this issue Jan 7, 2024 · 1 comment
Open

Comments

@sebbASF
Copy link
Contributor

sebbASF commented Jan 7, 2024

The LDAP::inspect method uses gsub to obscure the password:

inspected.gsub! @auth[:password], "*******" if @auth[:password]

This works in most cases; however if the password contains certain meta-characters, replacement can fail. For example, using

password = "abcd\efgh"

will cause the replacement to fail. I think this is because the inspect output for such passwords is different from the original.

The following code works better, though it does also replace the enclosing double-quotes:

inspected.gsub! @auth[:password].inspect, "*******" if @auth[:password]

There is a further issue: if the password should happen to match another part of the inspect output, that will also be replaced. This is not particularly likely, however it would be good to fix it.

Maybe consider cloning the instance and zapping the password before passing it to inspect.
That would keep the enclosing quotes.

@sebbASF
Copy link
Contributor Author

sebbASF commented Jan 7, 2024

If an empty password is set using ldap.auth, the inspect output is currently unreadable, as gsub matches most of the inspected output

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant