From 3869f18108b21a31ad7e675356fcd2d2231c4adf Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Mon, 22 Sep 2025 09:04:41 +0200 Subject: [PATCH 1/2] custom Debug implementation for Settings struct to avoid exposing license key in logs --- .../defguard_common/src/db/models/settings.rs | 96 ++++++++++++++++++- 1 file changed, 94 insertions(+), 2 deletions(-) diff --git a/crates/defguard_common/src/db/models/settings.rs b/crates/defguard_common/src/db/models/settings.rs index bb987cc1d4..e2ae4fee63 100644 --- a/crates/defguard_common/src/db/models/settings.rs +++ b/crates/defguard_common/src/db/models/settings.rs @@ -1,4 +1,4 @@ -use std::collections::HashMap; +use std::{collections::HashMap, fmt}; use crate::{global_value, secret::SecretStringWrapper}; use serde::{Deserialize, Serialize}; @@ -77,7 +77,7 @@ impl LdapSyncStatus { } } -#[derive(Clone, Debug, Deserialize, PartialEq, Patch, Serialize, Default)] +#[derive(Clone, Deserialize, PartialEq, Patch, Serialize, Default)] #[patch(attribute(derive(Deserialize, Serialize, Debug)))] pub struct Settings { // Modules 
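Review bot: The `#[patch(attribute(derive(Deserialize, Serialize, Debug)))]` line kept as context under the changed derive still derives `Debug` on the generated patch type, so the license key can presumably still be printed through that type if `license` is one of its fields. The struct body is outside this hunk, so check whether `license` is excluded from the patch; if it is not, drop `Debug` there as well, `#[patch(attribute(derive(Deserialize, Serialize)))]`, or give the patch type the same manual impl. `Serialize` is also still derived on `Settings`, so any log line that serializes the struct rather than debug-formatting it is unaffected by this change.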
@@ -144,6 +144,85 @@ pub struct Settings { pub gateway_disconnect_notifications_reconnect_notification_enabled: bool, } +// Implement manually to avoid exposing the license key. +impl fmt::Debug for Settings { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("Settings") + .field("openid_enabled", &self.openid_enabled) + .field("wireguard_enabled", &self.wireguard_enabled) + .field("webhooks_enabled", &self.webhooks_enabled) + .field("worker_enabled", &self.worker_enabled) + .field("challenge_template", &self.challenge_template) + .field("instance_name", &self.instance_name) + .field("main_logo_url", &self.main_logo_url) + .field("nav_logo_url", &self.nav_logo_url) + .field("smtp_server", &self.smtp_server) + .field("smtp_port", &self.smtp_port) + .field("smtp_encryption", &self.smtp_encryption) + .field("smtp_user", &self.smtp_user) + .field("smtp_password", &self.smtp_password) + .field("smtp_sender", &self.smtp_sender) + .field( + "enrollment_vpn_step_optional", + &self.enrollment_vpn_step_optional, + ) + .field( + "enrollment_welcome_message", + &self.enrollment_welcome_message, + ) + .field("enrollment_welcome_email", &self.enrollment_welcome_email) + .field( + "enrollment_welcome_email_subject", + &self.enrollment_welcome_email_subject, + ) + .field( + "enrollment_use_welcome_message_as_email", + &self.enrollment_use_welcome_message_as_email, + ) + .field("uuid", &self.uuid) + .field("ldap_url", &self.ldap_url) + .field("ldap_bind_username", &self.ldap_bind_username) + .field("ldap_bind_password", &self.ldap_bind_password) + .field("ldap_group_search_base", &self.ldap_group_search_base) + .field("ldap_user_search_base", &self.ldap_user_search_base) + .field("ldap_user_obj_class", &self.ldap_user_obj_class) + .field("ldap_group_obj_class", &self.ldap_group_obj_class) + .field("ldap_username_attr", &self.ldap_username_attr) + .field("ldap_groupname_attr", &self.ldap_groupname_attr) + .field("ldap_group_member_attr", 
&self.ldap_group_member_attr) + .field("ldap_member_attr", &self.ldap_member_attr) + .field("ldap_use_starttls", &self.ldap_use_starttls) + .field("ldap_tls_verify_cert", &self.ldap_tls_verify_cert) + .field("ldap_sync_status", &self.ldap_sync_status) + .field("ldap_enabled", &self.ldap_enabled) + .field("ldap_sync_enabled", &self.ldap_sync_enabled) + .field("ldap_is_authoritative", &self.ldap_is_authoritative) + .field("ldap_uses_ad", &self.ldap_uses_ad) + .field("ldap_sync_interval", &self.ldap_sync_interval) + .field( + "ldap_user_auxiliary_obj_classes", + &self.ldap_user_auxiliary_obj_classes, + ) + .field("ldap_user_rdn_attr", &self.ldap_user_rdn_attr) + .field("ldap_sync_groups", &self.ldap_sync_groups) + .field("openid_create_account", &self.openid_create_account) + .field("openid_username_handling", &self.openid_username_handling) + .field( + "gateway_disconnect_notifications_enabled", + &self.gateway_disconnect_notifications_enabled, + ) + .field( + "gateway_disconnect_notifications_inactivity_threshold", + &self.gateway_disconnect_notifications_inactivity_threshold, + ) + .field( + "gateway_disconnect_notifications_reconnect_notification_enabled", + &self.gateway_disconnect_notifications_reconnect_notification_enabled, + ) + .finish_non_exhaustive() + } +} + impl Settings { pub async fn get<'e, E>(executor: E) -> Result, sqlx::Error> where @@ -465,4 +544,17 @@ mod test { settings.smtp_password = Some(SecretStringWrapper::from_str("hunter2").unwrap()); assert!(settings.smtp_configured()); } + + #[test] + fn dg25_32_test_dont_expose_license_key() { + let key = "0000000000000000"; + let settings = Settings { + license: Some(key.to_string()), + ..Default::default() + }; + + let debug = format!("{settings:?}"); + assert!(!debug.contains("license")); + assert!(!debug.contains(key)); + } } From 9757b6b528e470348196e776f0f332b0ee7323c5 Mon Sep 17 00:00:00 2001 
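Review bot: The comment above `impl fmt::Debug for Settings` names only the license key and does not say that the `.field(...)` chain is an allowlist that must be edited by hand whenever `Settings` gains a field. I would spell that out, e.g. `// Allowlist: fields not listed below are omitted from Debug output; add new fields here only if they are safe to log.` `smtp_password` and `ldap_bind_password` are still passed to `.field(...)`, so their redaction rests on the `Debug` impl of those fields' types, which is not visible in this hunk. If `license` could use the same secret wrapper as the password fields, the derive could stay and the list would not need to be kept in sync; that depends on how the column is mapped, which this patch does not show.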
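Review bot: `dg25_32_test_dont_expose_license_key` pins only the `license` field, while the new `Debug` impl also prints `smtp_password` and `ldap_bind_password`. A second assertion would catch a regression in how those are formatted, for example `settings.smtp_password = Some(SecretStringWrapper::from_str("hunter2").unwrap());` followed by `assert!(!format!("{settings:?}").contains("hunter2"));` with `settings` declared `mut`. The same check for `ldap_bind_password` is worth adding if it uses the same wrapper type, which is not visible here. The enclosing `mod test` starts outside the hunk.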
From: Jacek Chmielewski Date: Mon, 22 Sep 2025 09:12:46 +0200 Subject: [PATCH 2/2] cargo update --- Cargo.lock | 91 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 63 insertions(+), 28 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 398807a10a..2f4b4890ec 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -91,9 +91,9 @@ checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" [[package]] name = "ammonia" -version = "4.1.1" +version = "4.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6b346764dd0814805de8abf899fe03065bcee69bb1a4771c785817e39f3978f" +checksum = "17e913097e1a2124b46746c980134e8c954bc17a6a59bb3fde96f088d126dde6" dependencies = [ "cssparser", "html5ever", @@ -163,9 +163,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.99" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" +checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "arbitrary" @@ -677,9 +677,9 @@ checksum = "bba18ee93d577a8428902687bcc2b6b45a56b1981a1f6d779731c86cc4c5db18" [[package]] name = "clap" -version = "4.5.47" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931" +checksum = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae" dependencies = [ "clap_builder", "clap_derive", @@ -687,9 +687,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.47" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6" +checksum = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9" dependencies = [ "anstream", "anstyle", 
@@ -1016,8 +1016,18 @@ version = "0.20.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee" dependencies = [ - "darling_core", - "darling_macro", + "darling_core 0.20.11", + "darling_macro 0.20.11", +] + +[[package]] +name = "darling" +version = "0.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0" +dependencies = [ + "darling_core 0.21.3", + "darling_macro 0.21.3", ] [[package]] @@ -1034,13 +1044,38 @@ dependencies = [ "syn", ] +[[package]] +name = "darling_core" +version = "0.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2", + "quote", + "strsim", + "syn", +] + [[package]] name = "darling_macro" version = "0.20.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" dependencies = [ - "darling_core", + "darling_core 0.20.11", + "quote", + "syn", +] + +[[package]] +name = "darling_macro" +version = "0.21.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81" +dependencies = [ + "darling_core 0.21.3", "quote", "syn", ] @@ -1330,7 +1365,7 @@ version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8" dependencies = [ - "darling", + "darling 0.20.11", "proc-macro2", "quote", "syn", 
@@ -4227,9 +4262,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.31" +version = "0.23.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" +checksum = "cd3c25631629d034ce7cd9940adc9d45762d46de2b0f57193c4443b92c6d4d40" dependencies = [ "log", "once_cell", @@ -4249,7 +4284,7 @@ dependencies = [ "openssl-probe", "rustls-pki-types", "schannel", - "security-framework 3.4.0", + "security-framework 3.5.0", ] [[package]] @@ -4373,9 +4408,9 @@ dependencies = [ [[package]] name = "security-framework" -version = "3.4.0" +version = "3.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b369d18893388b345804dc0007963c99b7d665ae71d275812d828c6f089640" +checksum = "cc198e42d9b7510827939c9a15f5062a0c913f3371d765977e586d2fe6c16f4a" dependencies = [ "bitflags 2.9.4", "core-foundation 0.10.1", @@ -4406,9 +4441,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.225" +version = "1.0.226" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd6c24dee235d0da097043389623fb913daddf92c76e9f5a1db88607a0bcbd1d" +checksum = "0dca6411025b24b60bfa7ec1fe1f8e710ac09782dca409ee8237ba74b51295fd" dependencies = [ "serde_core", "serde_derive", 
@@ -4446,18 +4481,18 @@ dependencies = [ [[package]] name = "serde_core" -version = "1.0.225" +version = "1.0.226" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "659356f9a0cb1e529b24c01e43ad2bdf520ec4ceaf83047b83ddcc2251f96383" +checksum = "ba2ba63999edb9dac981fb34b3e5c0d111a69b0924e253ed29d83f7c99e966a4" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.225" +version = "1.0.226" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea936adf78b1f766949a4977b91d2f5595825bd6ec079aa9543ad2685fc4516" +checksum = "8db53ae22f34573731bafa1db20f04027b2d25e02d8205921b569171699cdb33" dependencies = [ "proc-macro2", "quote", @@ -4535,9 +4570,9 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.14.0" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5" +checksum = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e" dependencies = [ "base64 0.22.1", "chrono", @@ -4555,11 +4590,11 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.14.0" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f" +checksum = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e" dependencies = [ - "darling", + "darling 0.21.3", "proc-macro2", "quote", "syn",