-
-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[🐛 Bug]: Auth info in Logs in selenium grid #13648
Comments
@amardeep2006, thank you for creating this issue. We will troubleshoot it as soon as we can. Info for maintainersTriage this issue by using labels.
If information is missing, add a helpful comment and then
If the issue is a question, add the
If the issue is valid but there is no time to troubleshoot it, consider adding the
If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C),
add the applicable
After troubleshooting the issue, please add the Thank you! |
This issue is looking for contributors. Please comment below or reach out to us through our IRC/Slack/Matrix channels if you are interested. |
Hello, I want to try fixing this bug. Assign to me please |
@zhangwt-cn, we do not assign bugs. Feel free to discuss your approach here and we will assist you when you send us a PR. |
…tion from the logs. Fixes SeleniumHQ#13648
What happened?
I am running selenium grid and I see username/password in logs. I have auth enabled.
This is visible in both hub and chrome-node logs. It appears as part of capabilities under se:vnc and se:cdp section.
I feel this can be potential security issue. I am not sure what can be the solution but as it's part of INFO logging level, it will be logged almost in most default cases.
Here are few suspected sources I feel. I could not find why it appears in browser node's logs.
selenium/java/src/org/openqa/selenium/grid/distributor/local/LocalDistributor.java
Line 586 in d65e38e
selenium/java/src/org/openqa/selenium/grid/node/local/LocalNode.java
Line 495 in d65e38e
How can we reproduce the issue?
Relevant log output
10:26:30.043 INFO [LocalNode.newSession] - Session created by the Node. Id: bd64e2f9a306477d40843d3d74660381, Caps: Capabilities {acceptInsecureCerts: false, browserName: chrome, browserVersion: 122.0.6261.94, chrome: {chromedriverVersion: 122.0.6261.94 (880dbf29479c..., userDataDir: /tmp/.org.chromium.Chromium...}, fedcm:accounts: true, goog:chromeOptions: {debuggerAddress: localhost:39807}, networkConnectionEnabled: false, pageLoadStrategy: normal, platformName: linux, proxy: Proxy(), se:bidiEnabled: false, se:cdp: wss://admin:admin@org-se..., se:cdpVersion: 122.0.6261.94, se:vnc: wss://admin:admin@org-se..., se:vncEnabled: true, se:vncLocalAddress: ws://10.42.23.63:7900, setWindowRect: true, strictFileInteractability: false, timeouts: {implicit: 0, pageLoad: 300000, script: 30000}, unhandledPromptBehavior: dismiss and notify, webauthn:extension:credBlob: true, webauthn:extension:largeBlob: true, webauthn:extension:minPinLength: true, webauthn:extension:prf: true, webauthn:virtualAuthenticators: true}
Operating System
Ubuntu
Selenium version
Java 4.18.1
What are the browser(s) and version(s) where you see this issue?
Chrome 122
What are the browser driver(s) and version(s) where you see this issue?
122.0.6261.94
Are you using Selenium Grid?
4.18.1
The text was updated successfully, but these errors were encountered: