mdedetrich commented on PR #100: URL: https://github.com/apache/incubator-pekko-connectors-kafka/pull/100#issuecomment-1629903281
> @mdedetrich the CVE relates to `(sasl.jaas.config,org.apache.kafka.common.security.plain.PlainLoginModule required username='FOOBAR' password='FOOBAR';)` - would it be possible to add something like one of the existing tests but that uses `sasl.jaas.config,org.apache.kafka.common.security.plain.PlainLoginModule`?

`sasl.jaas.config` is a config with type Password so it will get masked like every other key that is considered Password (see https://kafka.apache.org/documentation/#connectconfigs_sasl.jaas.config). That's how this PR works, every single thing which is of type Password gets filtered.

I can add a unit test for this if you really want but then I have to manually construct the value so it satisfies the config parser and with the modified unit test I did it's really not necessary
