
#inspect-ing an instance of Net::LDAP leaks auth credentials (username and password instance variables) #216

Closed
@astockwell


Example:

c = Net::LDAP.new(conn_hash)
p c
=> #<Net::LDAP:0x007ffc6698a9f8 
    @host="server-001", 
    @port=636, 
    @verbose=false, 
    @auth={:method=>:simple, :username=>"cn=user,o=org", :password=>"supersecret"}, 
    @base="dc=com", 
    @force_no_page=false, 
    @encryption={:method=>:simple_tls, :tls_options=>{}}, 
    @instrumentation_service=nil, 
    @open_connection=nil, 
    @result=#<Net::LDAP::PDU:0x007ffc669895f8 
    @message_id=1, 
    @app_tag=1, 
    @ldap_controls=[], 
    @ldap_result={:resultCode=>0, :matchedDN=>"", :errorMessage=>""}>>

This can be worked around when using this gem by wrapping Net::LDAP in another class, but I don't imagine this is desirable behavior.

Could something be done similar to GitHub's octokit gem (highlighted LOC here) to mask them (or remove entirely)?
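
One way to do the masking asked for above, as an added example (not code from net-ldap, octokit or the issue author): a stand-in class with the same instance-variable layout overrides `#inspect`, which is what `p` calls, so the password is redacted in the output while the stored credentials stay intact. `SafeInspectClient`, `SENSITIVE_KEYS`, `sample_client` and the `[REDACTED]` marker are assumptions made for illustration.

```ruby
# Stand-in for a client that keeps bind credentials in instance variables.
# SafeInspectClient is a hypothetical class, not part of net-ldap.
class SafeInspectClient
  REDACTED = "[REDACTED]".freeze
  SENSITIVE_KEYS = [:password].freeze

  def initialize(args = {})
    @host = args[:host]
    @port = args[:port] || 389
    @auth = args[:auth] || { method: :anonymous }
    @base = args[:base]
  end

  # Build the inspect string ourselves so secrets never reach logs,
  # exception reports or an IRB/pry session via `p obj` or `obj.inspect`.
  def inspect
    fields = instance_variables.map do |ivar|
      "#{ivar}=#{redact(instance_variable_get(ivar)).inspect}"
    end
    "#<#{self.class}:0x#{'%014x' % (object_id << 1)} #{fields.join(', ')}>"
  end

  private

  # Copy hashes/arrays recursively, replacing values stored under sensitive
  # keys (symbol or string). The original objects are never mutated.
  def redact(value)
    case value
    when Hash
      value.each_with_object({}) do |(k, v), out|
        out[k] = SENSITIVE_KEYS.include?(k.to_s.to_sym) ? REDACTED : redact(v)
      end
    when Array
      value.map { |v| redact(v) }
    else
      value
    end
  end
end

# Constructed sample input mirroring the values shown in the report.
def sample_client
  SafeInspectClient.new(
    host: "server-001", port: 636, base: "dc=com",
    auth: { method: :simple, username: "cn=user,o=org", password: "supersecret" }
  )
end

puts sample_client.inspect if __FILE__ == $PROGRAM_NAME
```

Redacting by key rather than by substituting the password string also covers empty or very short passwords, where a string substitution would either do nothing or mangle unrelated fields.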
