dheeraj12347 opened a new pull request, #13559: URL: https://github.com/apache/cloudstack/pull/13559
## Summary This PR fixes a sensitive information disclosure issue in `ApiServlet` where duplicate sensitive query parameter values were logged in plaintext before authentication. Previously, when duplicate query parameters such as `password` were received, `checkSingleQueryParameterValue()` logged all values using `Arrays.toString(...)`, which could expose sensitive information in management logs even if the request was later rejected. ## Changes - Redacted duplicate values for sensitive query parameters before logging. - Introduced a shared helper to identify sensitive parameter names. - Reused the helper in `getCleanParamsString()` to avoid duplicating sensitive parameter detection logic. - Preserved the existing duplicate-parameter warning behavior for non-sensitive parameters. - Added regression tests covering both sensitive and non-sensitive parameter handling. ## Testing - Verified that duplicate sensitive parameters are logged as `[REDACTED, REDACTED]`. - Verified that duplicate non-sensitive parameters continue to be logged unchanged. - Added unit tests for sensitive parameter detection. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
