Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This can cause the bot's token to be compromised #628

Open
pillarion opened this issue Jan 26, 2023 · 1 comment · May be fixed by #660
Open

This can cause the bot's token to be compromised #628

pillarion opened this issue Jan 26, 2023 · 1 comment · May be fixed by #660

Comments

@pillarion
Copy link

Description

// GetUpdatesChan starts and returns a channel for getting updates.
func (bot *BotAPI) GetUpdatesChan(config UpdateConfig) UpdatesChannel
...
updates, err := bot.GetUpdates(config)
			if err != nil {
				log.Println(err)
				log.Println("Failed to get updates, retrying in 3 seconds...")
				time.Sleep(time.Second * 3)

				continue
			}
...

The line log.Println(err) puts the bot's token into the log. This can cause the token to be compromised.

Example log:

2023/01/26 17:15:22 Post "https://api.telegram.org/bot<full_bot_token>/getUpdates": read tcp <ip>:<port>-><ip>:<port>: read: connection reset by peer
2023/01/26 17:15:22 Failed to get updates, retrying in 3 seconds...

Affected Modules, Packages, Versions and Symbols

Module: github.com/example/module
github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
@apophatique
Copy link

how to fix error "read: connection reset by peer"? @pillarion

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants