From 98bea7f563896531914eb517281af9d04819dfaf Mon Sep 17 00:00:00 2001 From: Yuriy Andamasov Date: Tue, 2 Jun 2026 17:51:54 +0300 Subject: remote: T8956: stop leaking URL credentials in TftpC.upload() TftpC.upload() printed `{command} "{urlstring}"` to stdout before running the command. This was debug code from the time where VRF support was added. As TFTP has no authentication - no credentials got leaked. --- python/vyos/remote.py | 1 - 1 file changed, 1 deletion(-) (limited to 'python') diff --git a/python/vyos/remote.py b/python/vyos/remote.py index b69e8d32b..3be87e179 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -476,7 +476,6 @@ class TftpC: vrf=self.vrf).encode()) def upload(self, location: str): - print(f'{self.command} "{self.urlstring}"') with open(location, 'rb') as f: cmd(f'{self.command} --upload-file - "{self.urlstring}"', input=f.read(), vrf=self.vrf) -- cgit v1.2.3