Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logging of environment variables in testlog.txt #5328

Open
fiesh opened this issue Apr 29, 2019 · 1 comment
Open

Logging of environment variables in testlog.txt #5328

fiesh opened this issue Apr 29, 2019 · 1 comment

Comments

@fiesh
Copy link

fiesh commented Apr 29, 2019

I just happened to realize that all our private ssh keys for deployment are logged in testlog.txt :)

Given that passing private keys via environment variables to the CI/CD system is the de facto standard (at least with Gitlab), I think this is a bit of a security hazard. Of course one can selectively unset all relevant variables before the test run, but that's a fragile process in itself when variables are changed or added.

Therefore I suggest that logging environment variables to testlog.txt and testlog.json should only happen when explicitly enabled via command line.
@fphammerle
Copy link

workaround until fixed:

replace meson test with env --ignore-environment PATH="$PATH" meson test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fiesh @fphammerle