selenium icon indicating copy to clipboard operation
selenium copied to clipboard

Published 20 hours ago verified publisher icon SeleniumHQ

[🐛 Bug]: Auth info in Logs in selenium grid

Open amardeep2006 opened this issue 1 year ago • 5 comments

What happened?

I am running selenium grid and I see username/password in logs. I have auth enabled. This is visible in both hub and chrome-node logs. It appears as part of capabilities under se:vnc and se:cdp section.

I feel this can be potential security issue. I am not sure what can be the solution but as it's part of INFO logging level, it will be logged almost in most default cases.

Here are few suspected sources I feel. I could not find why it appears in browser node's logs.

https://github.com/SeleniumHQ/selenium/blob/d65e38e34fc6ac29b7c2c62cc0b924d7f8762e6d/java/src/org/openqa/selenium/grid/distributor/local/LocalDistributor.java#L586

https://github.com/SeleniumHQ/selenium/blob/d65e38e34fc6ac29b7c2c62cc0b924d7f8762e6d/java/src/org/openqa/selenium/grid/node/local/LocalNode.java#L495

How can we reproduce the issue?

I started the grid in hub mode. I suspect the same will appear in Distributor logs as well if I run grid as isolated components.

Relevant log output

10:26:30.043 INFO [LocalNode.newSession] - Session created by the Node. Id: bd64e2f9a306477d40843d3d74660381, Caps: Capabilities {acceptInsecureCerts: false, browserName: chrome, browserVersion: 122.0.6261.94, chrome: {chromedriverVersion: 122.0.6261.94 (880dbf29479c..., userDataDir: /tmp/.org.chromium.Chromium...}, fedcm:accounts: true, goog:chromeOptions: {debuggerAddress: localhost:39807}, networkConnectionEnabled: false, pageLoadStrategy: normal, platformName: linux, proxy: Proxy(), se:bidiEnabled: false, se:cdp: wss://admin:admin@org-se..., se:cdpVersion: 122.0.6261.94, se:vnc: wss://admin:admin@org-se..., se:vncEnabled: true, se:vncLocalAddress: ws://10.42.23.63:7900, setWindowRect: true, strictFileInteractability: false, timeouts: {implicit: 0, pageLoad: 300000, script: 30000}, unhandledPromptBehavior: dismiss and notify, webauthn:extension:credBlob: true, webauthn:extension:largeBlob: true, webauthn:extension:minPinLength: true, webauthn:extension:prf: true, webauthn:virtualAuthenticators: true}

Operating System

Ubuntu

Selenium version

Java 4.18.1

What are the browser(s) and version(s) where you see this issue?

Chrome 122

What are the browser driver(s) and version(s) where you see this issue?

122.0.6261.94

Are you using Selenium Grid?

4.18.1

amardeep2006 avatar Mar 02 '24 12:03 amardeep2006

@amardeep2006, thank you for creating this issue. We will troubleshoot it as soon as we can.

Info for maintainers

Triage this issue by using labels.

If information is missing, add a helpful comment and then I-issue-template label.

If the issue is a question, add the I-question label.

If the issue is valid but there is no time to troubleshoot it, consider adding the help wanted label.

If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C), add the applicable G-* label, and it will provide the correct link and auto-close the issue.

After troubleshooting the issue, please add the R-awaiting answer label.

Thank you!

github-actions[bot] avatar Mar 02 '24 12:03 github-actions[bot]

This issue is looking for contributors.

Please comment below or reach out to us through our IRC/Slack/Matrix channels if you are interested.

github-actions[bot] avatar Mar 04 '24 12:03 github-actions[bot]

Hello, I want to try fixing this bug. Assign to me please

zhangwt-cn avatar Mar 19 '24 09:03 zhangwt-cn

@zhangwt-cn, we do not assign bugs. Feel free to discuss your approach here and we will assist you when you send us a PR.

diemol avatar Mar 19 '24 12:03 diemol