dheeraj12347 opened a new pull request, #13559:
URL: https://github.com/apache/cloudstack/pull/13559

   ## Summary
   
   This PR fixes a sensitive information disclosure issue in `ApiServlet` where 
duplicate sensitive query parameter values were logged in plaintext before 
authentication.
   
   Previously, when duplicate query parameters such as `password` were 
received, `checkSingleQueryParameterValue()` logged all values using 
`Arrays.toString(...)`, which could expose sensitive information in management 
logs even if the request was later rejected.
   
   ## Changes
   
   - Redacted duplicate values for sensitive query parameters before logging.
   - Introduced a shared helper to identify sensitive parameter names.
   - Reused the helper in `getCleanParamsString()` to avoid duplicating 
sensitive parameter detection logic.
   - Preserved the existing duplicate-parameter warning behavior for 
non-sensitive parameters.
   - Added regression tests covering both sensitive and non-sensitive parameter 
handling.
   
   ## Testing
   
   - Verified that duplicate sensitive parameters are logged as `[REDACTED, 
REDACTED]`.
   - Verified that duplicate non-sensitive parameters continue to be logged 
unchanged.
   - Added unit tests for sensitive parameter detection.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to