Security concern
ServiceHelper.LogStartupArguments logs sensitive parameters (arguments, environment variables, failure program args) when EnableDebugLogs is enabled. This means passwords embedded in arguments or environment variables are written to the log file in plaintext.
Impact
Users who enable debug logging to troubleshoot service issues will unknowingly persist credentials in log files, which may be accessible to other users or included in support bundles.
Suggested fix
- Mask or redact values known to contain passwords (e.g. --password, PASSWORD=) even in debug mode
- Or add a prominent warning in documentation that debug logs may contain sensitive information
File
src/Servy.Service/Helpers/ServiceHelper.cs — lines 72, 95-100
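
One way to implement the masking proposed under "Suggested fix", as an added example that is not Servy's code and not from the issue author. The class name `SecretRedactor`, the list of sensitive key names, and the `NAME=value` environment format separated by `;` or newlines are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example: hypothetical helper, not part of Servy.
public static class SecretRedactor
{
    private const RegexOptions Opts = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    // Assumed list of sensitive key names; extend it for your deployment.
    private const string Key = @"[\w.-]*(?:password|passwd|pwd|secret|token|api[_-]?key)[\w.-]*";

    // Handles --password=v, --password v and -db-password:"v with spaces".
    private static readonly Regex ArgPattern = new Regex(
        @"(?<!\S)(?<key>--?" + Key + @")(?<sep>\s*[=:]\s*|\s+)(?<val>""(?:[^""\\]|\\.)*""|\S+)", Opts);

    // Handles NAME=value pairs separated by ';' or newlines (assumed format).
    private static readonly Regex EnvPattern = new Regex(
        @"(?<![\w.-])(?<key>" + Key + @")(?<sep>\s*=\s*)(?<val>[^;\r\n]*)", Opts);

    // Masks the value that follows a sensitive flag. A sensitive flag that takes
    // no value causes the next token to be masked instead, which fails closed.
    public static string RedactArguments(string args)
    {
        return string.IsNullOrEmpty(args) ? args : ArgPattern.Replace(args, "${key}${sep}***");
    }

    // Masks the value of every variable whose name looks sensitive.
    public static string RedactEnvironment(string env)
    {
        return string.IsNullOrEmpty(env) ? env : EnvPattern.Replace(env, "${key}${sep}***");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not taken from a real service configuration.
        string args = "--host db1 --password \"hunter 2\" --api-key=abc123 --verbose";
        string env = "DB_PASSWORD=hunter2;PATH=C:\\bin;AUTH_TOKEN=xyz";

        Console.WriteLine(SecretRedactor.RedactArguments(args));
        Console.WriteLine(SecretRedactor.RedactEnvironment(env));
    }
}
```

Name-based masking cannot catch secrets passed positionally or under unlisted key names, so the documentation warning from the second suggestion is still worth adding alongside it.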