Redact SSH key from URL query parameter #348

Merged
merged 2 commits into from Jan 3, 2022

macedogm
Contributor

@macedogm macedogm commented Jan 3, 2022

This PR changes:

  1. Redact SSH key from URL query parameter when printing the URL after a download error happens.
  2. Changed redaction from xxxxx to redacted.
  3. Added two tests for the SSH key redaction.
  4. Added .gitignore.

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
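
The redaction this PR describes, as an added Go example that is not go-getter's code and not part of the original thread: `redactForLog`, `sensitiveParams`, `downloadError` and the sample URL are assumptions constructed here. It goes beyond the PR description by also masking a userinfo password and by returning a fixed placeholder when the URL does not parse, since the parse error text itself contains the raw URL.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const placeholder = "redacted"

// sensitiveParams: query keys whose values must never reach logs.
// Only "sshkey" comes from the PR; the map itself is an assumption.
var sensitiveParams = map[string]bool{"sshkey": true}

// redactForLog (hypothetical helper) returns a form of rawURL safe for error text.
func redactForLog(rawURL string) string {
	u, err := url.Parse(rawURL)
	if err != nil {
		// err's text embeds the raw input, so log neither err nor rawURL.
		return "<unparseable URL " + placeholder + ">"
	}
	if _, hasPw := u.User.Password(); hasPw {
		u.User = url.UserPassword(u.User.Username(), placeholder)
	}
	q := u.Query()
	for key, vals := range q {
		if sensitiveParams[strings.ToLower(key)] {
			for i := range vals {
				vals[i] = placeholder
			}
		}
	}
	u.RawQuery = q.Encode() // re-encodes and sorts keys; malformed pairs are dropped
	return u.String()
}

// downloadError wraps a failure with the redacted URL only.
func downloadError(rawURL string, cause error) error {
	return fmt.Errorf("error downloading '%s': %w", redactForLog(rawURL), cause)
}

func main() {
	// Constructed sample URL; the key value is a dummy.
	src := "ssh://git@example.com/org/repo.git?ref=main&sshkey=Q09OU1RSVUNURUQ%3D"
	fmt.Println(downloadError(src, errors.New("exit status 128")))
}
```

Because the query is re-encoded, parameter order in the logged URL may differ from the original.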

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
@hashicorp-cla

hashicorp-cla commented Jan 3, 2022

CLA assistant check
All committers have signed the CLA.

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
@schmichael
Member

Thanks @macedogm!

Doesn't look like any HashiCorp tooling calls RedactURL directly, and we don't universally guarantee error string backward compatibility, so this seems safe to merge from a compatibility standpoint. Code looks good too!

@schmichael schmichael merged commit f5cbbb4 into hashicorp:main Jan 3, 2022
@macedogm macedogm deleted the sshkey-redact branch January 3, 2022 23:14
@macedogm
Contributor Author

macedogm commented Jan 5, 2022

@schmichael Thanks a lot for the quick review. 👍🏻

@macedogm
Contributor Author

Hi @schmichael, do you know when a new release will be made with this fix, please?

@schmichael
Member

Done! Unsure when it will make it into downstream tools (Terraform, Nomad, etc) though.

schmichael added a commit to hashicorp/nomad that referenced this pull request Jan 12, 2022
Pulls in hashicorp/go-getter#348

Fixes the possibility to log an sshkey if a specific error condition is
hit.
@msmeissn

Mitre assigned CVE-2022-29810 to this.
