Bug 1661445 - exposure of database information on API login request
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
Version: 5.9.5
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: GA
Target Release: 5.11.0
Assignee: Joe Vlcek
QA Contact: Parthvi Vala
Docs Contact: Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On:
Blocks: 1686021
Reported: 2018-12-21 09:29 UTC by Niladri Roy
Modified: 2019-12-13 14:54 UTC

Fixed In Version: 5.11.0.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Clones: 1686021
Environment:
Last Closed: 2019-12-13 14:54:18 UTC
Category: Bug
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Github ManageIQ integration_tests pull 9694 0 'None' 'closed' '[1LP][RFR] Audit qe-test-coverage for Customer BZs' 2019-12-04 12:40:59 UTC

Comment 8 Joe Vlcek 2019-01-11 11:35:31 UTC
New commit on ManageIQ/manageiq-api/master:

https://github.com/ManageIQ/manageiq-api/commit/325a5a105a7aefc4c6864823890f72a071c14360

Author: Joe VLcek <jvlcek>

    Remove SQL select from exception error messages.
    
    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1661445

 app/controllers/api/base_controller/authentication.rb |  4 ++--
 lib/services/api/error_serializer.rb                  |  3 ++-
 spec/lib/services/api/error_serializer_spec.rb        | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

Comment 10 Parthvi Vala 2019-05-02 09:25:37 UTC
FIXED. Verified on 5.11.0.2.20190430174828_0e34dea.

