Fix password leak in log messages#35584
Merged
lunny merged 5 commits intogo-gitea:mainfrom Oct 7, 2025
Merged
Conversation
…contained in the connString
GiteaBot
added
the
lgtm/need 2
techknowlogick
approved these changes
Oct 4, 2025
GiteaBot
added
lgtm/need 1
techknowlogick
added
backport/v1.24
lunny
approved these changes
Oct 4, 2025
GiteaBot
added
lgtm/done
Contributor
|
It's better to call |
Contributor
Author
That seems more secure, but again this would be adding a few bit of lines to all the log statements and for the majority of time we may not even need it. Is this extra cost acceptable ? |
Contributor
Personally I think it's worth to make the logger system more secure, but I am fine with either (current approach, or calling SanitizeCredentialURLs for all log messages). It's up to the reviewers. @lunny @techknowlogick |
Member
|
I think as a quick patch, this is enough. Adding a log level check requires balancing performance and security. Most log format arguments don’t need such checks, but verifying the log level can help prevent potential leaks of sensitive information. Alternatively, we could introduce a dedicated type, for example, |
Member
|
I sent #35594 as an example how it might be. |
lunny
added
the
reviewed/wait-merge
GiteaBot
removed
the
reviewed/wait-merge
zjjhot
added a commit
to zjjhot/gitea
that referenced
this pull request
Oct 9, 2025
* giteaofficial/main: Fixing issue go-gitea#35530: Password Leak in Log Messages (go-gitea#35584) Move some functions to gitrepo package (go-gitea#35543) feat: adds option to force update new branch in contents routes (go-gitea#35592) Move archive function to repo_model and gitrepo (go-gitea#35514) Use `inputs` context when parsing workflows (go-gitea#35590)
GiteaBot
pushed a commit
to GiteaBot/gitea
that referenced
this pull request
Oct 9, 2025
…35584) The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output. Fix: - wrapped all instances of setting.Indexer.RepoConnStr and setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()` function before logging them. Fixes: go-gitea#35530 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
6543
pushed a commit
that referenced
this pull request
Oct 9, 2025
Backport #35584 by @shashank-netapp # Summary The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output. Fix: - wrapped all instances of setting.Indexer.RepoConnStr and setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()` function before logging them. Fixes: #35530 Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
GiteaBot
pushed a commit
to GiteaBot/gitea
that referenced
this pull request
Oct 14, 2025
…35584) The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output. Fix: - wrapped all instances of setting.Indexer.RepoConnStr and setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()` function before logging them. Fixes: go-gitea#35530 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
silverwind
pushed a commit
that referenced
this pull request
Oct 15, 2025
Backport #35584 by @shashank-netapp # Summary The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output. Fix: - wrapped all instances of setting.Indexer.RepoConnStr and setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()` function before logging them. Fixes: #35530 Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
wxiaoguang
changed the title
wxiaoguang
added
the
topic/security
Closed
nschloe
pushed a commit
to live-clones/forgejo
that referenced
this pull request
Dec 22, 2025
… (#10550) Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10550 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com> (cherry picked from commit 2db3715)
nschloe
pushed a commit
to live-clones/forgejo
that referenced
this pull request
Dec 22, 2025
… (#10550) Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10550 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com> (cherry picked from commit 2db3715)
nschloe
pushed a commit
to live-clones/forgejo
that referenced
this pull request
Dec 22, 2025
… (#10550) Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10550 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com> (cherry picked from commit 2db3715)
nschloe
pushed a commit
to live-clones/forgejo
that referenced
this pull request
Dec 22, 2025
… (#10550) Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10550 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
externalmirrors-syncer bot
pushed a commit
to external-mirrors/forgejo
that referenced
this pull request
Dec 22, 2025
…tea/gitea!35584) (#10553) **Backport:** https://codeberg.org/forgejo/forgejo/pulls/10550 Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10553 Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
externalmirrors-syncer bot
pushed a commit
to external-mirrors/forgejo
that referenced
this pull request
Dec 22, 2025
…tea/gitea!35584) (#10554) **Backport:** https://codeberg.org/forgejo/forgejo/pulls/10550 Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10554 Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
nschloe
pushed a commit
to live-clones/forgejo
that referenced
this pull request
Dec 23, 2025
…tea/gitea!35584) (#10555) **Backport:** https://codeberg.org/forgejo/forgejo/pulls/10550 Link to original PR: go-gitea/gitea#35584 Original Author: https://github.com/shashank-netapp Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10555 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The Gitea codebase was logging
ElasticsearchandMeilisearchconnection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the formatprotocol://username:password@host:port, this resulted in passwords being exposed in plain text in log output.Fix:
util.SanitizeCredentialURLs()function before logging them.Fixes: #35530