Mask passwords in exceptions and error messages
When a ProcessExecutionError is thrown by processutils.ssh_execute(),
the exception may contain information such as password. Upstream
applications that just log the message (as several appear to do)
could inadvertently expose these passwords to a user with read access to
the log files. It is therefore considered prudent to invoke
strutils.mask_password() on the command, stdout and stderr in the
exception. A test case has been added (to oslo-incubator) in order to
ensure that all three are properly masked.
An earlier commit (853d8f9897
) failed
to address ssh_execute(). This change set addresses ssh_execute.
OSSA is aware of this change request.
Change-Id: Ie0caf32469126dd9feb44867adf27acb6e383958
Closes-Bug: #1377981
This commit is contained in:
parent
05a564dc80
commit
8e7d6a60ff
|
@ -245,7 +245,8 @@ def trycmd(*args, **kwargs):
|
|||
|
||||
def ssh_execute(ssh, cmd, process_input=None,
|
||||
addl_env=None, check_exit_code=True):
|
||||
LOG.debug('Running cmd (SSH): %s', cmd)
|
||||
sanitized_cmd = strutils.mask_password(cmd)
|
||||
LOG.debug('Running cmd (SSH): %s', sanitized_cmd)
|
||||
if addl_env:
|
||||
raise InvalidArgumentError(_('Environment not supported over SSH'))
|
||||
|
||||
|
@ -259,7 +260,10 @@ def ssh_execute(ssh, cmd, process_input=None,
|
|||
# NOTE(justinsb): This seems suspicious...
|
||||
# ...other SSH clients have buffering issues with this approach
|
||||
stdout = stdout_stream.read()
|
||||
sanitized_stdout = strutils.mask_password(stdout)
|
||||
stderr = stderr_stream.read()
|
||||
sanitized_stderr = strutils.mask_password(stderr)
|
||||
|
||||
stdin_stream.close()
|
||||
|
||||
exit_status = channel.recv_exit_status()
|
||||
|
@ -269,11 +273,11 @@ def ssh_execute(ssh, cmd, process_input=None,
|
|||
LOG.debug('Result was %s' % exit_status)
|
||||
if check_exit_code and exit_status != 0:
|
||||
raise ProcessExecutionError(exit_code=exit_status,
|
||||
stdout=stdout,
|
||||
stderr=stderr,
|
||||
cmd=cmd)
|
||||
stdout=sanitized_stdout,
|
||||
stderr=sanitized_stderr,
|
||||
cmd=sanitized_cmd)
|
||||
|
||||
return (stdout, stderr)
|
||||
return (sanitized_stdout, sanitized_stderr)
|
||||
|
||||
|
||||
def get_worker_count():
|
||||
|
|
Loading…
Reference in New Issue