[plugins] Obfuscate proxy credentials in env. settings #3789
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Trivial reproducer: I am not sure if whole |
|
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment. |
|
OK, the |
pmoravec
added a commit
to pmoravec/sos
that referenced
this pull request
Sep 26, 2024
HTTP_PROXY or similar env.variables can contain credentials we must scrub. The variables or directly credentials can be specified in a few places the commit deals with. Resolves: sosreport#3789 Signed-off-by: Pavel Moravec <[email protected]>
pmoravec
force-pushed
the
sos-pmoravec-proxy-setting-obfuscate-credentials
branch
from
ee3acd2
to
100071d
Compare
pmoravec
commented
Sep 26, 2024
| "/var/log/anaconda.*", | ||
| "/root/install.log", | ||
| "/root/install.log.syslog" | ||
| ] | ||
|
|
||
| self.add_copy_spec(paths) | ||
| self.add_copy_spec(self.copypaths) |
There was a problem hiding this comment.
The credentials can be in either anaconda log or in the *ks.cfg file - hence apply postproc to all copyspecs.
|
The pylint failure is solved already but checking out this pr doesn't show the commit, so I think you'll have to resync. |
jcastill
approved these changes
Sep 26, 2024
arif-ali
approved these changes
Sep 26, 2024
pmoravec
added a commit
to pmoravec/sos
that referenced
this pull request
Sep 26, 2024
HTTP_PROXY or similar env.variables can contain credentials we must scrub. The variables or directly credentials can be specified in a few places the commit deals with. Futher, update apt plugin to use the new do_paths_httpproxy_sub method. Resolves: sosreport#3789 Signed-off-by: Pavel Moravec <[email protected]>
pmoravec
force-pushed
the
sos-pmoravec-proxy-setting-obfuscate-credentials
branch
from
100071d
to
824cc48
Compare
pmoravec
changed the title
|
Good point wrt Apt plugin where I in fact copied the RE from - I just updated the PR accordingly. |
TurboTurtle
approved these changes
Sep 26, 2024
There was a problem hiding this comment.
This LGTM, however I should note that what this does and what it says it does are slightly different.
The obfuscation isn't actually looking for *_PROXY variables, just urls with username and passwords in them, which so happen to be the convention for proxy authentication.
I have a slight preference to rename to do_path_http_sub() or something similar, but it is not a big item for me and I'm fine if you want to merge as is.
HTTP_PROXY or similar env.variables can contain credentials we must scrub. The variables or directly credentials of a http(s) URL can be specified in several places the commit deals with. Futher, update apt plugin to use the new do_paths_httpp_sub method. Resolves: sosreport#3789 Signed-off-by: Pavel Moravec <[email protected]>
pmoravec
force-pushed
the
sos-pmoravec-proxy-setting-obfuscate-credentials
branch
from
824cc48
to
7eb20e7
Compare
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 3, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 3, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 3, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 7, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 7, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 7, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 7, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 7, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Oct 8, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
jjansky1
added a commit
to jjansky1/sos
that referenced
this pull request
Nov 5, 2024
Adding stageone and stagetwo tests for [system] plugin. Also adding tag scrub for only testing scrub of sensitive data. And updating README with how to call scrub and stagetwo tests. Related: sosreport#3788 Related: sosreport#3789 Resolves: sosreport#3798 Signed-off-by: Jan Jansky <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Obfuscate credentials in env.variable settings for e.g. HTTP_PROXY or similar.
Inspired by: #3788
Resolves: #3789
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines