[BUG] Redis password gets exposed in info logs when redis username is empty
smunukutla-mycarrier opened this issue · comments
Describe the bug
Redis password gets exposed in info logs when Redis username is an empty string in Chproxy config.
To Reproduce
In a case where we do not provide a Redis username and leave Caches.Redis.Username empty. Leaving username as empty string exposes the Redis password in the info logs.
Example config to reproduce the scenario:
caches:
- name: "shortterm"
mode: "redis"
redis:
insecure_skip_verify: true
addresses:
- "somewhere-redis-master:6379"
username: ""
password: ${REDIS_PASSWORD}
expire: 5m
grace_time: 20s
Expected behavior
Redis password should be masked as XXX in the info logs. Screenshots added below.
Screenshots
Current behavior:
Snippet from info logs:
Expected behavior:
Environment information
OS: Linux/Amd64
Chproxy: v1.26.0
Additional context
None
I'm closing the issue since the fix was merged