GPG.decrypt_file() logs decrypted data at the DEBUG logging level.
It may cause a leak of sensitive information.
import logging
import gnupg
logging.basicConfig(format='[%(levelname)s] %(message)s', level=logging.DEBUG)
gnupg.GPG().decrypt_file(open("ENCRYPTED_TOKEN_FILE", 'rb'))
Output:
...
[DEBUG] [GNUPG:] DECRYPTION_OKAY
[DEBUG] chunk: <TOKEN>
[DEBUG] [GNUPG:] GOODMDC
[DEBUG] [GNUPG:] END_DECRYPTION
...
Versions:
- Python: 3.10.4
- python-gnupg: 0.4.9
- gpg: 2.2.27
- libgcrypt: 1.9.4
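
A caller-side mitigation for the behaviour reported above, as an added example that is not part of the original report or of python-gnupg: a logging filter that keeps the gpg status lines but redacts the `chunk:` records. It assumes the library logs through a logger named `gnupg`; the class and function names are hypothetical, and the records in `demo()` are constructed to match the output shown above.

```python
import io
import logging

# Assumption: python-gnupg logs through logging.getLogger("gnupg").
GNUPG_LOGGER = "gnupg"
PREFIX = "chunk: "  # prefix of the plaintext-bearing record shown in the report


class RedactChunks(logging.Filter):
    """Keep gpg status lines but replace the payload of 'chunk: ...' records."""

    def filter(self, record):
        msg = record.getMessage()
        if msg.startswith(PREFIX):
            record.msg = PREFIX + "<redacted, %d chars>"
            record.args = (len(msg) - len(PREFIX),)
        return True  # never drop the record, only rewrite it


def install_redaction():
    """Attach the filter to the logger so it runs before any handler sees the record."""
    flt = RedactChunks()
    logging.getLogger(GNUPG_LOGGER).addFilter(flt)
    return flt


def demo():
    """Emit constructed records shaped like the report's output; return what was logged."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("[%(levelname)s] %(message)s"))
    log = logging.getLogger(GNUPG_LOGGER)
    old_level, old_propagate = log.level, log.propagate
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    flt = install_redaction()
    try:
        log.debug("[GNUPG:] DECRYPTION_OKAY")
        log.debug("chunk: %r" % b"constructed-secret-token")  # constructed sample
        log.debug("[GNUPG:] END_DECRYPTION")
    finally:
        log.removeFilter(flt)
        log.removeHandler(handler)
        log.setLevel(old_level)
        log.propagate = old_propagate
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Call `install_redaction()` once before `decrypt_file()`; if the status lines are not needed either, raising the `gnupg` logger's level to `logging.INFO` suppresses all of its DEBUG records instead.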