Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PR #223/af603262 backport][stable-1] [security] Add missing no_log=True, and mark false-positives with no_log=False #224

Merged
merged 1 commit into from
Mar 15, 2021
Merged

[PR #223/af603262 backport][stable-1] [security] Add missing no_log=True, and mark false-positives with no_log=False #224

merged 1 commit into from
Mar 15, 2021

Conversation

patchback[bot]
Copy link

@patchback patchback bot commented Mar 15, 2021

This is a backport of PR #223 as merged into main (af60326).

SUMMARY

Most places found by the new sanity test are false-positives, but there are some real problems:

  1. The avi_cloudconnectoruser module has several options which accept credentials for different cloud services. Their documentation is absolutely NOT helpful, and I was only able to find an example for one of them (in https://github.com/avinetworks/devops), but that clearly contained a password.
  2. The avi_sslkeyandcertificate has one option enckey_base64 which might contain a secret. The documentation is also not really helpful; I think it's better to mark this no_log=True as well.
  3. The avi_webhook module has one option verification_token which might be harmless, but might also be a secret. It's not really clear from the documentation and I was not able to find any example.

CC @dericcrago @gundalow @relrod

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

avi_cloudconnectoruser
avi_sslkeyandcertificate
avi_webhook
avi_pool
avi_serviceenginegroup
avi_virtualservice
cnos_user
netscaler_cs_vserver
netscaler_lb_vserver
netscaler_ssl_certkey

@felixfontein
[security] Add missing no_log=True, and mark false-positives with no_…
31cc288 
…log=False (#223)

* Added no_log=False to clear false-positives.

* Some more that seem to be false-positives with the examples from https://github.com/avinetworks/devops.

* Guesswork.

* These definitely miss no_log=True.

* Add changelog fragment.

(cherry picked from commit af60326)
@dericcrago dericcrago merged commit acd74b5 into stable-1 Mar 15, 2021
@dericcrago dericcrago deleted the patchback/backports/stable-1/af60326281d0a193f57189dd44706e3aa9516797/pr-223 branch March 15, 2021 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dericcrago @felixfontein