Description
When listing all services in a project, the resulting response contains all services, with all service users, with all credentials.
In certain situations, that response can find its way into an error that is returned, and propagated up the call stack until it is handled, most typically by being logged.
This can lead to credentials being logged in places they shouldn't be.
One possible situation where this might happen:
When the client has received a response from the API and tries to read the buffer, io.ReadAll may return an error in some situations. This could presumably be things like read timeout, connection reset or other forms of I/O errors.
In this case, the client returns an error where the message is whatever has been read from the buffer so far, which could be anything.
Line 371 in 99411b8
```go
if err != nil || rsp.StatusCode < 200 || rsp.StatusCode >= 300 {
```
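The failure mode described in this issue, next to one way to avoid it, as an added example that is not the project's own code. `unsafeErr`, `safeErr`, `failingReader` and the sample body are hypothetical names and constructed data; `unsafeErr` is a reconstruction from the issue's description, not a copy of the client source.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// Constructed sample response; the credential is a placeholder.
const sampleBody = `{"services":[{"users":[{"username":"svc-user","password":"CONSTRUCTED-SECRET"}]}]}`

// failingReader returns its data, then an I/O error instead of io.EOF (simulated reset).
type failingReader struct{ r io.Reader }

func (f *failingReader) Read(p []byte) (int, error) {
	n, err := f.r.Read(p)
	if err == io.EOF {
		return n, errors.New("connection reset by peer")
	}
	return n, err
}

func newBody() io.Reader { return &failingReader{r: strings.NewReader(sampleBody)} }

// unsafeErr (assumed pattern): whatever was read so far becomes the error message.
func unsafeErr(status int, body io.Reader) error {
	b, err := io.ReadAll(body)
	if err != nil || status < 200 || status >= 300 {
		return errors.New(string(b))
	}
	return nil
}

// safeErr reports only metadata (status, byte count, wrapped cause), never body bytes.
func safeErr(status int, body io.Reader) error {
	b, err := io.ReadAll(body)
	if err != nil {
		return fmt.Errorf("read response body (status %d, %d bytes read): %w", status, len(b), err)
	}
	if status < 200 || status >= 300 {
		return fmt.Errorf("unexpected status %d (%d byte body withheld)", status, len(b))
	}
	return nil
}

func main() {
	fmt.Println("unsafe:", unsafeErr(200, newBody()))
	fmt.Println("safe:  ", safeErr(200, newBody()))
}
```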