Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leaks API key on exception #187

Closed
ricardobranco777 opened this issue Sep 19, 2023 · 2 comments
Closed

Leaks API key on exception #187

ricardobranco777 opened this issue Sep 19, 2023 · 2 comments

Comments

@ricardobranco777
Copy link
Contributor

ricardobranco777 commented Sep 19, 2023
edited

The quick way to test it is with no Internet connection:

import os
import logging
from bugzilla import Bugzilla
from bugzilla.exceptions import BugzillaError
from requests.exceptions import RequestException

URL = os.getenv("URL", "https://bugzilla.suse.com")
USER = os.getenv("USER", "test")
API_KEY = "MYAPIKEY"

try:
    client = Bugzilla(URL, force_rest=True, user=USER, api_key=API_KEY)
except (BugzillaError, RequestException) as exc:
    error = exc
    logging.error("%s", exc)

ERROR:root:HTTPSConnectionPool(host='bugzilla.suse.com', port=443): Max retries exceeded with url: /rest/version?Bugzilla_api_key=MYAPIKEY (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x7f48458cbf90>: Failed to resolve 'bugzilla.suse.com' ([Errno -3] Temporary failure in name resolution)"))

The only workaround is to catch requests.exceptions.ConnectionError.
@ricardobranco777 ricardobranco777 mentioned this issue Sep 20, 2023
Merged
@ricardobranco777
Copy link
Contributor Author

Tracking in https://bugzilla.suse.com/show_bug.cgi?id=1215718

@crazyscientist
Copy link
Contributor

Fixed by #188. Thank you 🙂

@ricardobranco777 ricardobranco777 mentioned this issue Apr 26, 2024
Closed
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Apr 29, 2024
@ricardobranco777 @lwhsu
devel/py-python-bugzilla: Fix for API key leak
e199513 
Fixes python-bugzilla/python-bugzilla#187

PR:		278612
MFH:		2024Q2
Pull Request:	#253
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Apr 29, 2024
@ricardobranco777 @lwhsu
devel/py-python-bugzilla: Fix for API key leak
188a62c 
Fixes python-bugzilla/python-bugzilla#187

PR:		278612
MFH:		2024Q2
Pull Request:	#253

(cherry picked from commit e199513)
@ricardobranco777 ricardobranco777 mentioned this issue Apr 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazyscientist @ricardobranco777