Logging of confidential parameters #2087

Closed
szzsolt opened this issue Aug 22, 2023 · 2 comments
Labels
theme: security 🔐 An issue or change related to security type: enhancement ✨

szzsolt commented Aug 22, 2023

I have a field defined as

```java
@Option(names = {"-p", "--password"},
    descriptionKey = "the.password",
    interactive = true,
    arity = "0..1",
    echo = false,
    description = "Password")
private String password;
```

I also have a custom IDefaultValueProvider implementation that will load and decrypt an encrypted password from a file for the option.

It all works well, except when setting CommandLine.tracer().setLevel() to a high enough level. When I do that, the password is logged by picocli as below:

```
[picocli INFO] Setting field String ....password to 'ACTUAL_PASSWORD_VALUE' (was 'ACTUAL_PASSWORD_VALUE') for field String ....password on ...
```

It seems that the echo = false setting is ignored when it comes to default values. In the code I see that echo() is only checked based around certain other conditions.

Would it be possible to suppress all logging when echo is set to false, regardless of any other setting on the option?

@remkop remkop added this to the 4.7.5 milestone Aug 22, 2023
@remkop remkop added type: enhancement ✨ theme: security 🔐 An issue or change related to security labels Aug 22, 2023
Owner

remkop commented Aug 22, 2023

Yes, this is a good idea. Thank you for raising it!
Will you be able to provide a pull request for this (ideally with tests)?

Owner

remkop commented Aug 26, 2023

Fixed in the main branch.
This will be included in the next release.
Thank you for raising this!
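
For trace output already captured from a build without this fix, the following added example (not part of the issue thread or of picocli's code) redacts the values in the `Setting field ...` line quoted above when the field name looks sensitive, and flags any known canary secret that appears anywhere in the output. The regular expression assumes only the line shape shown in the issue; the sample lines, class names and values are constructed.

```python
import re

# Shape of the trace line quoted in the issue (assumed stable). Other picocli
# trace messages are not parsed here; they are covered only by the canary check.
SETTING = re.compile(
    r"^(?P<head>\[picocli \w+\] Setting field \S+ (?P<name>\S+) to )"
    r"'(?P<new>.*)' \(was '(?P<old>.*)'\)(?P<tail> for .*)$"
)
# Heuristic list of sensitive field names (an assumption; extend for your code base).
SENSITIVE = re.compile(r"password|passwd|passphrase|secret|token|credential|api_?key", re.I)
MASK = "***"


def scrub(trace, canaries=()):
    """Return (redacted_text, findings) for captured picocli trace output.

    findings holds (line_number, reason) tuples. canaries are known test
    secrets that must never appear anywhere in the output.
    """
    out, findings = [], []
    for no, line in enumerate(trace.splitlines(), 1):
        m = SETTING.match(line)
        # Match on the last dotted segment, i.e. the field name itself.
        if m and SENSITIVE.search(m["name"].rsplit(".", 1)[-1]):
            findings.append((no, "value logged for " + m["name"]))
            line = f"{m['head']}'{MASK}' (was '{MASK}'){m['tail']}"
        for secret in canaries:
            if secret and secret in line:
                findings.append((no, "canary value present"))
                line = line.replace(secret, MASK)
        out.append(line)
    return "\n".join(out), findings


# Constructed sample: class, field and value names are made up for illustration.
SAMPLE = """\
[picocli INFO] Setting field String com.example.Login.user to 'alice' (was 'null') for field String com.example.Login.user on Login@1b2c
[picocli INFO] Setting field String com.example.Login.password to 'hunter2' (was 'hunter2') for field String com.example.Login.password on Login@1b2c
[picocli DEBUG] constructed line that echoes hunter2 in another message shape
"""

if __name__ == "__main__":
    text, found = scrub(SAMPLE, canaries=["hunter2"])
    print(text)
    for no, reason in found:
        print(f"line {no}: {reason}")
```

Running the application under test with a canary password and tracing enabled, then failing the build when `findings` is non-empty, turns this into a regression check for the behaviour reported here.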
