Univention Bugzilla – Bug 49938
passwords in dicts are not removed when dict is only argument in log call
Last modified: 2019-08-05 18:42:12 CEST
The ucsschool.libs logger removes password strings from dictionary arguments. If there is only 1 format argument, the password will not be removed.
Fix and unittest. [4.4] 73f5f7d93 Bug #49938: fix removal of passwords from logging arguments if only one format argument is passed [4.4] a6ae4ecf3 Bug #49938: test removal of passwords when logging [4.4] 76f88a07c Bug #49938: advisory MS should be "4.4 v3 errata", but I don'h have the permissions to create new MS...
[4.4] bcac3d914 Bug #49938: remove password also from dict in record.msg [4.4] c0812b15c Bug #49938: advisory update ucs-school-lib (12.1.4) ucs-test-ucsschool (6.0.36)
What I tested: 401_ucsschool_lib_logger_removes_password -> OK Manuel test that password are removed: In [10]: logger.debug({"fo": 1234}) -> OK In [11]: logger.debug({"fo": 1234, "password": "dfgxsdfg"}) -> OK In [12]: logger.debug("foo: %r", {"fo": 1234, "password": "dfgxsdfg"}) -> OK In [13]: logger.debug("foo: %s", {"fo": 1234, "password": "dfgxsdfg"}) -> OK yaml -> OK
UCS@school 4.4 v3 has been released. https://docs.software-univention.de/release-notes-ucsschool-4.4v3-de.html If this error occurs again, please clone this bug.