Hide password in exception messages of SocksAuthRequest
Related: #3504 Motivation: There are two places in the SocksAuthRequest constructor where an IllegalArgumentException is thrown with a password as part of the exception message. This constitutes mishandling of confidential information, which can compromise user privacy and is flagged as critical by security scanners. Modifications: Mask the password in the exception messages Result: No unexpected password leak
This commit is contained in:
parent
a97e413a65
commit
1d061bbb27
@ -41,14 +41,14 @@ public final class SocksAuthRequest extends SocksRequest {
|
||||
throw new NullPointerException("username");
|
||||
}
|
||||
if (!asciiEncoder.canEncode(username) || !asciiEncoder.canEncode(password)) {
|
||||
throw new IllegalArgumentException(" username: " + username + " or password: " + password +
|
||||
" values should be in pure ascii");
|
||||
throw new IllegalArgumentException(
|
||||
"username: " + username + " or password: **** values should be in pure ascii");
|
||||
}
|
||||
if (username.length() > 255) {
|
||||
throw new IllegalArgumentException(username + " exceeds 255 char limit");
|
||||
throw new IllegalArgumentException("username: " + username + " exceeds 255 char limit");
|
||||
}
|
||||
if (password.length() > 255) {
|
||||
throw new IllegalArgumentException(password + " exceeds 255 char limit");
|
||||
throw new IllegalArgumentException("password: **** exceeds 255 char limit");
|
||||
}
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
|
Loading…
Reference in New Issue
Block a user