From 7bf38ef8c72d51163aa9048d7a8abe03be33f2b4 Mon Sep 17 00:00:00 2001
From: Ruud Kamphuis
Date: Tue, 24 Aug 2021 16:49:35 +0200
Subject: [PATCH] [AMQP] [Messenger] Do not leak any credentials when connection fails

I noticed that when the connection to AMQP fails for whatever reason all the DSK credentials are leaked. Yes, the password is masked. But it still leaks the server, port and username. I think these things should be private and not be logged to a logger server or error capture service.
---
 Tests/Transport/ConnectionTest.php | 4 ++--
 Transport/Connection.php | 6 +-----
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/Tests/Transport/ConnectionTest.php b/Tests/Transport/ConnectionTest.php
index c37d896..c2a7063 100644
--- a/Tests/Transport/ConnectionTest.php
+++ b/Tests/Transport/ConnectionTest.php
@@ -559,10 +559,10 @@ public function testItDelaysTheMessageWithADifferentRoutingKeyAndTTLs()
 $connection->publish('{}', [], 120000);
 }
 
- public function testObfuscatePasswordInDsn()
+ public function testNoCredentialLeakageWhenConnectionFails()
 {
 $this->expectException(\AMQPException::class);
- $this->expectExceptionMessage('Could not connect to the AMQP server. Please verify the provided DSN. ({"host":"localhost","port":5672,"vhost":"/","login":"user","password":"********"})');
+ $this->expectExceptionMessage('Could not connect to the AMQP server. Please verify the provided DSN.');
 $factory = new TestAmqpFactory(
 $amqpConnection = $this->createMock(\AMQPConnection::class),
 $amqpChannel = $this->createMock(\AMQPChannel::class),
diff --git a/Transport/Connection.php b/Transport/Connection.php
index e03dc72..1dead15 100644
--- a/Transport/Connection.php
+++ b/Transport/Connection.php
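Review bot: In Tests/Transport/ConnectionTest.php the renamed test does not actually prove that nothing leaks. PHPUnit's `expectExceptionMessage()` passes when the thrown message merely contains the expected string, and the removed expectation shows the old message began with exactly this sentence before the JSON-encoded options, so the test would also pass against the pre-change `channel()`. Pinning the whole message closes that gap, e.g. `$this->expectExceptionMessageMatches('/^Could not connect to the AMQP server\. Please verify the provided DSN\.$/');` if the PHPUnit version in use provides it, or catch the exception and `assertSame()` on `getMessage()`. The test method's body continues past the end of the hunk.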
@@ -495,11 +495,7 @@ public function channel(): \AMQPChannel
 try {
 $connection->{$connectMethod}();
 } catch (\AMQPConnectionException $e) {
- $credentials = $this->connectionOptions;
- $credentials['password'] = '********';
- unset($credentials['delay']);
-
- throw new \AMQPException(sprintf('Could not connect to the AMQP server. Please verify the provided DSN. (%s).', json_encode($credentials, \JSON_UNESCAPED_SLASHES)), 0, $e);
+ throw new \AMQPException('Could not connect to the AMQP server. Please verify the provided DSN.', 0, $e);
 }
 
 $this->amqpChannel = $this->amqpFactory->createChannel($connection);
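Review bot: The caught `\AMQPConnectionException` is still passed as `previous` in the new `throw`, so a logger or error tracker that renders the exception chain will print whatever the extension put in `$e->getMessage()`. Nothing in the hunk shows whether that text can include the host or port, so it is worth confirming before treating the leak as closed. I would also add a comment above the throw so the options are not re-added later for debugging convenience, e.g. `// Deliberately omits $this->connectionOptions: host, port, vhost and login must not reach logs or error trackers.` The body of `channel()` starts and ends outside the hunk.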