Uncensored stdout information provided to callback plugin despite no_log #22505

Closed
rmfitzpatrick opened this issue Mar 10, 2017 · 3 comments

@rmfitzpatrick
Contributor

commented Mar 10, 2017

ISSUE TYPE
  • Bug Report
COMPONENT NAME

no_log, CallbackBase

ANSIBLE VERSION

devel, stable-2.2, and stable-2.1

OS / ENVIRONMENT

el7, osx

SUMMARY

A callback plugin's runner_on methods are provided with an ansible.executor.task_result.TaskResult whose ._result attribute contains non-redacted stdout information when no_log is specified at the play or task level.

STEPS TO REPRODUCE

callback_plugins/callback_plugin.py:

from pprint import pprint
from ansible.plugins.callback import CallbackBase

class CallbackModule(CallbackBase):

    def __init__(self):
        super(CallbackModule, self).__init__()

    def v2_runner_on_ok(self, result):
        # Prints the raw result dict exactly as the plugin receives it
        pprint(result._result)

# Play header was lost from the page; the host is taken from the task output below.
- hosts: localhost
  gather_facts: no
  no_log: true
  tasks:
    - name: Do Not Log
      command: echo "Undesired log statement - {{ secret }}"
      vars:
        secret: secret

EXPECTED RESULTS

result._result doesn't contain unfiltered stdout similar to censored message.

ACTUAL RESULTS
TASK [Do Not Log] **************************************************************
changed: [localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
{'_ansible_no_log': True,
 '_ansible_parsed': True,
 u'changed': True,
 u'cmd': [u'echo', u'Undesired log statement - secret'],
 u'delta': u'0:00:00.013236',
 u'end': u'2017-03-10 13:09:26.604869',
 'invocation': {u'module_args': {u'_raw_params': u'echo "Undesired log statement - secret"',
                                 u'_uses_shell': False,
                                 u'chdir': None,
                                 u'creates': None,
                                 u'executable': None,
                                 u'removes': None,
                                 u'warn': True},
                'module_name': u'command'},
 u'rc': 0,
 u'start': u'2017-03-10 13:09:26.591633',
 u'stderr': u'',
 u'stdout': u'Undesired log statement - secret',
 'stdout_lines': [u'Undesired log statement - secret'],
 u'warnings': []}
@sivel

Member

commented Mar 10, 2017

Callbacks should make use of self._dump_results to censor the output, as that function is used throughout existing plugins to achieve this goal.

Such as:

    def v2_runner_on_ok(self, result):
        print(self._dump_results(result._result, indent=4))
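
An added illustration of the reply above, not code from the thread or from Ansible: a callback that forwards results to an external sink has to honour the `_ansible_no_log` flag itself. `sanitize_result` and `publish` are hypothetical helpers that reproduce the censored message shown in the issue; inside a real plugin the thread's advice is to call `self._dump_results`, and the per-item check under `results` is an assumption added here.

```python
import json

# Wording taken from the "censored" line in the issue's ACTUAL RESULTS output.
CENSORED = ("the output has been hidden due to the fact that "
            "'no_log: true' was specified for this result")


def sanitize_result(result):
    """Return a copy of a task-result dict that is safe to send to a sink."""
    if result.get("_ansible_no_log", False):
        # Drop everything: in the issue's output cmd, invocation, stdout and
        # stdout_lines all carried the secret, not just stdout.
        return {"censored": CENSORED}
    safe = {}
    for key, value in result.items():
        if key.startswith("_ansible_"):
            continue  # internal bookkeeping keys are not forwarded
        if key == "results" and isinstance(value, list):
            # Assumption: loop items may carry their own no_log flag.
            value = [sanitize_result(v) if isinstance(v, dict) else v
                     for v in value]
        safe[key] = value
    return safe


def publish(result, sink):
    """Hypothetical forwarder: serialise the sanitized result into sink."""
    payload = json.dumps(sanitize_result(result), sort_keys=True)
    sink.append(payload)
    return payload


# Constructed sample, trimmed from the result dict printed in the issue.
NO_LOG_RESULT = {
    "_ansible_no_log": True,
    "changed": True,
    "cmd": ["echo", "Undesired log statement - secret"],
    "invocation": {"module_name": "command"},
    "stdout": "Undesired log statement - secret",
    "stdout_lines": ["Undesired log statement - secret"],
}
# Constructed loop result: one item flagged no_log, one not.
LOOP_RESULT = {
    "results": [
        {"_ansible_no_log": True, "item": "a", "stdout": "token=secret"},
        {"_ansible_no_log": False, "item": "b", "stdout": "hello"},
    ],
}
```
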
@rmfitzpatrick

Contributor Author

commented Mar 10, 2017

Thanks for the assistance, @sivel. I guess there are few security concerns considering authors of plugins likely have access to potentially leaked secrets, and the burden for censoring was on them to begin with (as users of no_log).

@bcoca bcoca removed the needs_triage label Mar 13, 2017

@carnil


commented Apr 22, 2017

If I understand the report correctly this is the issue referred to by CVE-2017-7473 originally found in https://bugzilla.redhat.com/show_bug.cgi?id=1440912 and as well in the SuSE bugzilla at https://bugzilla.novell.com/show_bug.cgi?id=1035124. But maybe it's not the same issue.

openstack-gerrit added a commit to openstack/openstack that referenced this issue Aug 2, 2017

Updated openstack/openstack
Project: openstack-infra/system-config  3e31d01c91e64285e19543746d945ea3f8901ed9

Sanitize ansible results in mqtt callback plugin

According to ansible/ansible#22505 the
raw results returned should be sanitized with the
CallbackBase._dump_results() method to ensure sensitive strings such
as those flagged by no_log are elided.

Change-Id: Iaebba820ffcb8628cf1e2373546e51ffc02deed6

openstack-gerrit pushed a commit to openstack-infra/system-config that referenced this issue Aug 2, 2017

Sanitize ansible results in mqtt callback plugin
According to ansible/ansible#22505 the
raw results returned should be sanitized with the
CallbackBase._dump_results() method to ensure sensitive strings such
as those flagged by no_log are elided.

Change-Id: Iaebba820ffcb8628cf1e2373546e51ffc02deed6

@ansibot ansibot added bug and removed bug_report labels Mar 7, 2018

@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
