From 534446fc30874030d6c283a264529cfb75aa3079 Mon Sep 17 00:00:00 2001
From: Zach Butler <kj4ezj@pm.me>
Date: Mon, 26 Feb 2024 18:26:52 -0500
Subject: [PATCH] Stop printing passwords

---
 README.md  | 6 ++++++
 zap2xml.pl | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 602f549..bb470cc 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,12 @@ docker kill "$(docker ps | tail -1 | awk '{print $1}')"
 ```
 For this reason and others, the wrapper will be removed in a subsequent version. If you plan to rely upon it, please pull your container by `git` tag.
 
+To prevent your password from ending up in a bunch of logs (or worse), `zap2xml` no longer prints the arguments it sees when it starts by default. If you need this for debugging, set:
+```bash
+export DEBUG='true'
+```
+It always prints the `argc` so you can tell if it is seeing the correct number of arguments without exposing your password.
+
 ## Development
 Contributors need these tools installed.
 - [act](https://github.com/nektos/act)
diff --git a/zap2xml.pl b/zap2xml.pl
index 5c3503a..008f07a 100755
--- a/zap2xml.pl
+++ b/zap2xml.pl
@@ -46,7 +46,9 @@
 $VERSION = "2018-12-01";
 print "zap2xml ($VERSION)\n";
 print "argc: " . ($#ARGV + 2) . "\n";
-print "argv: [" . join(", ", map { "\"$_\"" } ($0, @ARGV)) . "]\n";
+if ($ENV{DEBUG} eq 'true') {
+    print "argv: [" . join(", ", map { "\"$_\"" } ($0, @ARGV)) . "]\n";
+}
 
 %options=();
 getopts("?aA:bB:c:C:d:DeE:Fgi:IjJ:l:Lm:Mn:N:o:Op:P:qRr:s:S:t:Tu:UwWxY:zZ:89",\%options);