diff --git a/age-core/src/io.rs b/age-core/src/io.rs
index 625a3706..69b41b45 100644
--- a/age-core/src/io.rs
+++ b/age-core/src/io.rs
@@ -17,11 +17,12 @@ impl DebugReader {
 #[cfg(feature = "plugin")]
 #[cfg_attr(docsrs, doc(cfg(feature = "plugin")))]
 pub(crate) fn new(reader: R, debug_enabled: bool) -> Self {
+ // Only enable debug tee in debug builds to prevent accidental plaintext leakage
+ #[cfg(debug_assertions)]
 if debug_enabled {
- DebugReader::On(reader.tee_dbg())
- } else {
- DebugReader::Off(reader)
+ return DebugReader::On(reader.tee_dbg());
 }
+ DebugReader::Off(reader)
 }
 }
 
@@ -44,11 +45,12 @@ impl DebugWriter {
 #[cfg(feature = "plugin")]
 #[cfg_attr(docsrs, doc(cfg(feature = "plugin")))]
 pub(crate) fn new(writer: W, debug_enabled: bool) -> Self {
+ // Only enable debug tee in debug builds to prevent accidental plaintext leakage
+ #[cfg(debug_assertions)]
 if debug_enabled {
- DebugWriter::On(writer.tee_dbg())
- } else {
- DebugWriter::Off(writer)
+ return DebugWriter::On(writer.tee_dbg());
 }
+ DebugWriter::Off(writer)
 }
 }
 
diff --git a/age-core/src/plugin.rs b/age-core/src/plugin.rs
index aa3e40c3..b5139836 100644
--- a/age-core/src/plugin.rs
+++ b/age-core/src/plugin.rs
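Review bot: In `DebugReader::new` the `#[cfg(debug_assertions)]` attribute removes the only read of `debug_enabled` when debug assertions are off, so a release build with the `plugin` feature will likely emit an `unused_variables` warning; `DebugWriter::new` in the second hunk has the same shape. Writing the guard as `if cfg!(debug_assertions) && debug_enabled {` keeps the parameter used and both branches type-checked in every profile. The added comment says "debug builds", but the gate follows the `debug-assertions` profile setting, so a release profile that turns that setting on still tees plaintext to stderr. The comment should name the exact condition, for example `// Tee only when compiled with debug_assertions, so default release builds never echo plaintext.`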
@@ -72,9 +72,15 @@ impl Connection, DebugWriter> {
 /// If the `AGEDEBUG` environment variable is set to `plugin`, then all messages sent
 /// to and from the plugin, as well as anything the plugin prints to its `stderr`,
 /// will be printed to the `stderr` of the parent process.
+ ///
+ /// This debugging functionality is only available in debug builds to prevent
+ /// accidental plaintext leakage in production.
 pub fn open(binary: &Path, state_machine: &str) -> io::Result {
 let working_dir = tempfile::tempdir()?;
+ #[cfg(debug_assertions)]
 let debug_enabled = env::var("AGEDEBUG").map(|s| s == "plugin").unwrap_or(false);
+ #[cfg(not(debug_assertions))]
+ let debug_enabled = false;
 let process = Command::new(binary.canonicalize()?)
 .arg(format!("--age-plugin={}", state_machine))
 .current_dir(working_dir.path())
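Review bot: The doc paragraph added to `open` promises "debug builds", but the code gates on `debug_assertions`, which a downstream release profile can enable, and when the gate is off `AGEDEBUG=plugin` is ignored with no signal to the person who set it. The doc should state the exact condition, for example `/// Honoured only when this crate is compiled with debug_assertions enabled; otherwise AGEDEBUG is ignored.` The two cfg-gated `let`s can be a single line, `let debug_enabled = cfg!(debug_assertions) && env::var("AGEDEBUG").map(|s| s == "plugin").unwrap_or(false);`, which also keeps `env` referenced in release builds (whether it is used elsewhere in the file is not visible here). The body of `open` continues past the end of the hunk, so how `debug_enabled` affects the plugin's `stderr` handling cannot be checked from these lines.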