Fix access token leak to logs from proxyagent (#13855) - matrix/thirdparty/synapse.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Eric Eastwood <erice@element.io>	2022-09-23 11:49:39 -0500
committer	GitHub <noreply@github.com>	2022-09-23 11:49:39 -0500
commit	db868db594c1a8a0baa3686b60f1c49c0d4be371 (patch)
tree	277a6b46085b9adbadd872bdf7a77feba9c37a11 /LICENSE
parent	Update Cargo.lock file. (#13889) (diff)
download	synapse-db868db594c1a8a0baa3686b60f1c49c0d4be371.tar.xz

Fix access token leak to logs from proxyagent (#13855)

This can happen specifically with an application service `/transactions/10722?access_token=leaked` request

Fix https://github.com/matrix-org/synapse/issues/13010

---

Saw an example leak in https://github.com/matrix-org/synapse/issues/13423#issuecomment-1205348482

```
2022-08-04 14:47:57,925 - synapse.http.client - 401 - DEBUG - as-sender-signal-1 - Sending request PUT http://localhost:29328/transactions/10722?access_token=<redacted>
2022-08-04 14:47:57,926 - synapse.http.proxyagent - 223 - DEBUG - as-sender-signal-1 - Requesting b'http://localhost:29328/transactions/10722?access_token=leaked' via <HostnameEndpoint localhost:29328>
```

Diffstat (limited to 'LICENSE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: