Fixing issue #35530: Password Leak in Log Messages (#35584) (#35665)

Backport #35584 by @shashank-netapp

# Summary
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Giteabot
2025-10-15 17:39:33 +08:00
committed by GitHub
parent 86d99e2f38
commit 0a87bf9016
2 changed files with 7 additions and 5 deletions


@@ -25,6 +25,7 @@ import (
"code.gitea.io/gitea/modules/process"
"code.gitea.io/gitea/modules/queue"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
)
// IndexerMetadata is used to send data to the queue, so it contains only the ids.
@@ -100,7 +101,7 @@ func InitIssueIndexer(syncReindex bool) {
issueIndexer = elasticsearch.NewIndexer(setting.Indexer.IssueConnStr, setting.Indexer.IssueIndexerName)
existed, err = issueIndexer.Init(ctx)
if err != nil {
log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", setting.Indexer.IssueConnStr, err)
log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", util.SanitizeCredentialURLs(setting.Indexer.IssueConnStr), err)
}
case "db":
issueIndexer = db.GetIndexer()
@@ -108,7 +109,7 @@ func InitIssueIndexer(syncReindex bool) {
issueIndexer = meilisearch.NewIndexer(setting.Indexer.IssueConnStr, setting.Indexer.IssueConnAuth, setting.Indexer.IssueIndexerName)
existed, err = issueIndexer.Init(ctx)
if err != nil {
log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", setting.Indexer.IssueConnStr, err)
log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", util.SanitizeCredentialURLs(setting.Indexer.IssueConnStr), err)
}
default:
log.Fatal("Unknown issue indexer type: %s", setting.Indexer.IssueType)
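Review bot: Only the first format argument is sanitized on the new log.Fatal lines (the Elasticsearch case in this hunk and the Meilisearch case in the next one), while `err` is still printed with `%v`; a connection or URL-parse error returned by `issueIndexer.Init` may embed the same connection string, credentials included, so the secret can still reach the log through the error text — worth confirming against both indexer clients. If it does, pass `util.SanitizeCredentialURLs(err.Error())` in place of `err` on both lines, which also keeps the two messages consistent. InitIssueIndexer starts and ends outside these hunks; the default-case `log.Fatal` on the last line prints only the indexer type and is unaffected.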