New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

git resource does not respect `sensitive` property #7955

Open
jschripsema opened this Issue Nov 20, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@jschripsema

jschripsema commented Nov 20, 2018

Description

Applying the sensitive property to a git resource does not suppress the sensitive data from the log. Using OAuth tokens embeds the actual token in the repository uri. Even when specifying that it is a sensitive resource, the entire uri is output to the logs.

Chef Version

14.1.1

Platform Version

CentOS Linux release 7.5.1804 (Core)

Replication Case

  git '/path/to/repo' do
    repository 'https://secretoauthtoken84a6472a850f6efcb153a169@github.com/chef/chef.git'
    sensitive true
    action :sync
  end

Client Output

* git[/path/to/repo] action sync
    - clone from https://secretoauthtoken84a6472a850f6efcb153a169@github.com/chef/chef.git into /path/to/repo
    - checkout ref 50958e958a41f23fb75e9b3c3c9f4c0b519ae295 branch HEAD

Stacktrace

@jschripsema

This comment has been minimized.

jschripsema commented Nov 27, 2018

This is also true of the url in the http_request resource.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment