Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make SafeRequestBuilderTest check that header values don't leak #3892

Merged
merged 1 commit into from
Sep 26, 2022

Conversation

bantonsson
Copy link
Contributor

What Does This Do

Adds checks for the exception message content for the SafeRequestBuilder to make sure that sensitive header values don't leak.

Motivation

Show that the mitigations for header value leaking in OkHttp3 SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044 added in #3682 is effective.

Additional Notes

@bantonsson bantonsson added tag: no release notes Changes to exclude from release notes tag: security Security related changes labels Sep 26, 2022
@bantonsson bantonsson self-assigned this Sep 26, 2022
@bantonsson bantonsson requested a review from a team as a code owner September 26, 2022 08:12
@bantonsson bantonsson force-pushed the ban/safe=request-builder-test branch from 069de95 to 2c8f817 Compare September 26, 2022 08:53
@bantonsson bantonsson merged commit 7e3d3fd into master Sep 26, 2022
@bantonsson bantonsson deleted the ban/safe=request-builder-test branch September 26, 2022 09:30
@github-actions github-actions bot added this to the 0.109.0 milestone Sep 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
tag: no release notes Changes to exclude from release notes tag: security Security related changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants