Strix

gilles/Strix

Fork 0

Commit Graph

Author	SHA1	Message	Date
eduard256	3acc966658	Mask URL-encoded passwords in debug logs SecretStore.Add now registers both plain text and URL-encoded forms of the password. Fixes cases where passwords with special characters (e.g. @, #, :) appear percent-encoded in URLs but were not matched by the masking handler.	2026-03-20 19:59:22 +00:00
eduard256	8cf05a1576	Fix credentials leaking in debug logs (#4 ) Add a secret-masking slog.Handler that automatically replaces registered passwords with "***" in all log output. Secrets are registered per-scan when a discovery request arrives and unregistered when it completes. This approach masks credentials everywhere they appear in logs — URL userinfo, query parameters, path segments, and Go HTTP error messages — without modifying any business logic in scanner, builder, tester, or ONVIF components. API responses are unaffected and still return full URLs with credentials for frontend use.	2026-03-20 11:03:01 +00:00

Author

SHA1

Message

Date

eduard256

3acc966658

Mask URL-encoded passwords in debug logs

SecretStore.Add now registers both plain text and URL-encoded forms
of the password. Fixes cases where passwords with special characters
(e.g. @, #, :) appear percent-encoded in URLs but were not matched
by the masking handler.

2026-03-20 19:59:22 +00:00

eduard256

8cf05a1576

Fix credentials leaking in debug logs (#4 )

Add a secret-masking slog.Handler that automatically replaces registered
passwords with "***" in all log output. Secrets are registered per-scan
when a discovery request arrives and unregistered when it completes.

This approach masks credentials everywhere they appear in logs — URL
userinfo, query parameters, path segments, and Go HTTP error messages —
without modifying any business logic in scanner, builder, tester, or
ONVIF components. API responses are unaffected and still return full
URLs with credentials for frontend use.

2026-03-20 11:03:01 +00:00

2 Commits