Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize URLs in exception messages #17

Closed
rcdailey opened this issue Nov 10, 2021 · 1 comment
Closed

Sanitize URLs in exception messages #17

rcdailey opened this issue Nov 10, 2021 · 1 comment
Labels
bug Something isn't working radarr Related to Radarr functionality in Recyclarr sonarr Related to Sonarr functionality in Recyclarr

Comments

@rcdailey
Copy link
Member

In normal logging, Sonarr URLs are sanitized: The hostname and the API key are obfuscated. This makes sharing logs not a security risk.

When an exception is thrown due to some HTTP failure, the URL is not sanitized. This is a different code path. Example:

[DBG] HTTP Request to http://hostname:8989/api/v3/system/status?apikey=SNIP
[DBG] HTTP Response (No response) from http://hostname:8989/api/v3/system/status?apikey=SNIP
[ERR] HTTP error while communicating with Sonarr
Flurl.Http.FlurlHttpException: Call failed. No connection could be made because the target machine actively refused it
. (localhost:8989): GET http://localhost:8989/api/v3/system/status?apikey=2424b3643507485ea2e06382d3f0b8a3
 ---> System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it
. (localhost:8989)
@rcdailey rcdailey added the bug Something isn't working label Nov 10, 2021
@rcdailey rcdailey added sonarr Related to Sonarr functionality in Recyclarr radarr Related to Radarr functionality in Recyclarr labels Mar 21, 2022
rcdailey added a commit that referenced this issue Mar 21, 2022
@rcdailey
fix(radarr): Sanitize URLs in HTTP exception messages
ea30d60 
Relates to #17
@rcdailey
Copy link
Member Author

While the target for this was mainly Radarr, I believe this applies to Sonarr as well. I haven't thoroughly tested it but I will reopen this if I find an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working radarr Related to Radarr functionality in Recyclarr sonarr Related to Sonarr functionality in Recyclarr
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rcdailey