From 4b0c2d6a48f6a0f86fed10e4ad1fe04491714bbb Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 15 Dec 2023 06:24:17 -0500 Subject: [PATCH] fix: mask nvd.api.key in logs resolves GHSA-qqhq-8r2c-c3f5 --- core/src/main/resources/dependencycheck.properties | 2 +- core/src/test/resources/dependencycheck.properties | 2 +- utils/src/test/resources/dependencycheck.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/core/src/main/resources/dependencycheck.properties b/core/src/main/resources/dependencycheck.properties index 7c2143864b9..b7b73ffa5dc 100644 --- a/core/src/main/resources/dependencycheck.properties +++ b/core/src/main/resources/dependencycheck.properties @@ -27,7 +27,7 @@ data.version=5.4 odc.analysis.timeout=180 # define which settings are masked when logged -odc.settings.mask=.*password.*,.*token.* +odc.settings.mask=.*password.*,.*token.*,.*api.key.* data.connection_string=jdbc:h2:file:%s;AUTOCOMMIT=ON;CACHE_SIZE=65536;RETENTION_TIME=1000;MAX_COMPACT_TIME=10000; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck diff --git a/core/src/test/resources/dependencycheck.properties b/core/src/test/resources/dependencycheck.properties index e62025057b3..a6841ab15b0 100644 --- a/core/src/test/resources/dependencycheck.properties +++ b/core/src/test/resources/dependencycheck.properties @@ -23,7 +23,7 @@ data.version=5.4 odc.analysis.timeout=20 # define which settings are masked when logged -odc.settings.mask=.*password.*,.*token.* +odc.settings.mask=.*password.*,.*token.*,.*api.key.* data.connection_string=jdbc:h2:file:%s;AUTOCOMMIT=ON;CACHE_SIZE=65536; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck diff --git a/utils/src/test/resources/dependencycheck.properties b/utils/src/test/resources/dependencycheck.properties index 5c29fd5f4bb..ffacd285702 100644 --- a/utils/src/test/resources/dependencycheck.properties +++ b/utils/src/test/resources/dependencycheck.properties @@ -23,7 +23,7 @@ data.version=5.3 odc.analysis.timeout=20 # define which settings are masked when logged -odc.settings.mask=.*password.*,.*token.* +odc.settings.mask=.*password.*,.*token.*,.*api.key.* data.connection_string=jdbc:h2:file:%s;AUTOCOMMIT=ON;CACHE_SIZE=65536; #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck