diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-06-02 17:51:54 +0300 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2026-06-04 21:41:34 +0200 |
| commit | 98bea7f563896531914eb517281af9d04819dfaf (patch) | |
| tree | d6275e205aa2db273eaf1f63aac176f948ff611b /python | |
| parent | e238afbd6bc272b02b426f1b16fe8d16f6069c05 (diff) | |
| download | vyos-1x-98bea7f563896531914eb517281af9d04819dfaf.tar.gz vyos-1x-98bea7f563896531914eb517281af9d04819dfaf.zip | |
remote: T8956: stop leaking URL credentials in TftpC.upload()
TftpC.upload() printed `{command} "{urlstring}"` to stdout before running the
command. This was debug code from the time where VRF support was added. As TFTP
has no authentication - no credentials got leaked.
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/remote.py | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/python/vyos/remote.py b/python/vyos/remote.py index b69e8d32b..3be87e179 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -476,7 +476,6 @@ class TftpC: vrf=self.vrf).encode()) def upload(self, location: str): - print(f'{self.command} "{self.urlstring}"') with open(location, 'rb') as f: cmd(f'{self.command} --upload-file - "{self.urlstring}"', input=f.read(), vrf=self.vrf) |
