Opened at 2013-10-04T16:52:50Z
Last modified at 2021-03-30T18:40:19Z
#2090 new defect
Don't expose URIs after failed CLI commands
| Reported by: | markberger | Owned by: | daira |
|---|---|---|---|
| Priority: | major | Milestone: | soon |
| Component: | code-frontend-cli | Version: | 1.10.0 |
| Keywords: | easy security capleak error cli | Cc: | |
| Launchpad Bug: | | | |
Description
When calling bin/tahoe list-aliases, URIs are knowingly exposed by the user and subsequently logged by the console. However, URIs can also be exposed in error messages that the user is not expecting. For example, if tahoe is not running and the user types bin/tahoe ls tahoe:, the following error message appears:
Error during GET: -1 Error trying to connect to http://127.0.0.1:3456/uri/URI%3ADIR2%3A6dxjh4twxqwlr4dzdlpnhvcd3e%3Anrnqj56icfypdlhqvdcshrpyjfk3dayqencxp6gyxmkae6a62adqnq?t=json: [Errno 61] Connection refused
URIs should not be exposed in such error messages and they should only be exposed when the user asks for them.
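One way to scrub capability strings from CLI error text before it reaches the console, shown as an added example that is not part of the ticket or of Tahoe-LAFS's own code. The function names, the regular expression for the cap layout, and the sample caps are assumptions constructed for illustration.

```python
import re

# Separator between cap fields: a literal ":" or its URL-encoded form "%3A".
_SEP = r"(?::|%3[Aa])"

# Assumed cap layout: "URI", a type tag (DIR2, DIR2-RO, CHK, ...), then one or
# more alphanumeric fields, all joined by _SEP. Group 1 captures the type tag.
_CAP_RE = re.compile(rf"URI{_SEP}([A-Za-z0-9-]+)(?:{_SEP}[A-Za-z0-9]+)+")

# Constructed sample caps (not real capabilities).
SAMPLE_ENCODED = "URI%3ADIR2%3A" + "a" * 26 + "%3A" + "b" * 52
SAMPLE_PLAIN = "URI:CHK:" + "c" * 26 + ":" + "d" * 52 + ":3:10:4096"


def redact_caps(text):
    """Replace every cap in text with its type tag plus a placeholder.

    The type tag is kept so the message stays useful for debugging;
    the secret fields after it are dropped.
    """
    return _CAP_RE.sub(lambda m: f"URI:{m.group(1)}:[REDACTED]", text)


def format_cli_error(verb, url, exc):
    """Build the message a CLI would print for a failed request.

    Redaction runs over the whole assembled string because the exception
    text may embed the request URL as well.
    """
    msg = f"Error during {verb}: Error trying to connect to {url}: {exc}"
    return redact_caps(msg)


if __name__ == "__main__":
    url = f"http://127.0.0.1:3456/uri/{SAMPLE_ENCODED}?t=json"
    print(format_cli_error("GET", url, "[Errno 61] Connection refused"))
    print(redact_caps(f"cannot read {SAMPLE_PLAIN}"))
```

Applying the redaction at the single point where error text is formatted for output covers both the URL-encoded form that appears in web-API URLs and the plain form a user might have typed.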
Change History (8)
comment:1 Changed at 2013-10-04T17:02:45Z by markberger
- Component changed from unknown to code-frontend-cli
- Keywords easy added
comment:2 Changed at 2013-10-04T21:41:42Z by daira
- Keywords security capleak added
- Priority changed from normal to major
comment:3 Changed at 2013-10-04T21:42:06Z by daira
- Keywords error cli added
comment:4 Changed at 2015-01-29T19:51:12Z by daira
- Milestone changed from undecided to 1.12.0
comment:5 Changed at 2016-03-22T05:02:25Z by warner
- Milestone changed from 1.12.0 to 1.13.0
comment:6 Changed at 2016-06-28T18:17:14Z by warner
- Milestone changed from 1.13.0 to 1.14.0
renaming milestone
comment:7 Changed at 2020-06-30T14:45:13Z by exarkun
- Milestone changed from 1.14.0 to 1.15.0
Moving open issues out of closed milestones.
comment:8 Changed at 2021-03-30T18:40:19Z by meejah
- Milestone changed from 1.15.0 to soon
Ticket retargeted after milestone closed
Milestone renamed