git repo sync with failure can expose token value in logging #4673

Closed · jeffkala opened this issue Oct 17, 2023 · 0 comments · Fixed by #4683

Labels: emergent (Unplanned work that is brought into a sprint after it's started.) · type: bug (Something isn't working as expected)

Comments

jeffkala (Contributor):

Environment

  • Nautobot version (Docker tag too if applicable): 2.0.2
  • Python version: py3.8
  • Database platform, version: Postgres
  • Middleware(s): n/a

Steps to Reproduce

  1. Create a git repo and assign it to a secrets group with type HTTPS/token.
  2. Try to sync to a repository such as Azure DevOps (ADO) that requires a user and password for basic auth.
  3. The new Return Value section in the job result logs the actual failure with the access token.

Expected Behavior

Redact the token from the return value.

Observed Behavior

Return value shows the actual token in the failure.

Some of the token was obfuscated, but some of it was left visible for clarity.

[screenshot: nautobot_issue]
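The failure path described above is a common one: a git client error message carries the full command line, and the command line carries the remote URL, which for HTTPS/token authentication embeds `user:token@host`. Storing `str(exc)` as the job's return value therefore stores the token. The block below is an added example of the redaction the issue asks for, not Nautobot's own code and not the fix that landed in #4683. It strips userinfo credentials from any HTTP(S) URL found in free text and additionally masks any secret values the caller already knows, so a token that appears outside a URL is also caught. The function names and the sample git error text are constructed for illustration.

```python
"""Added example (not Nautobot code): redact credentials from a git failure
message before it is stored as a job return value."""
import re
from urllib.parse import urlsplit, urlunsplit

# Matches http(s) URLs whose authority carries a userinfo part ("user:secret@host").
# The userinfo part cannot contain '/', whitespace or quotes, which keeps the
# match from running into credential-free URLs such as https://host/path.
_URL_WITH_USERINFO = re.compile(r"""https?://[^\s/@"']+@[^\s"']+""")

MASK = "***"


def redact_url_credentials(url: str) -> str:
    """Return url with the password (or a bare token) in its userinfo masked.

    'https://user:token@host/p' -> 'https://user:***@host/p'
    'https://token@host/p'      -> 'https://***@host/p'
    URLs without userinfo are returned unchanged.
    """
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url
    # rsplit: a password containing a literal '@' still splits at the host boundary.
    userinfo, host = parts.netloc.rsplit("@", 1)
    if ":" in userinfo:
        user, _password = userinfo.split(":", 1)
        netloc = f"{user}:{MASK}@{host}"
    else:
        netloc = f"{MASK}@{host}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def redact_secrets(text: str, known_secrets=()) -> str:
    """Redact credentials embedded in URLs, then any explicitly known secret values.

    known_secrets lets the caller pass the values it fetched from the secrets
    group, so a token that appears outside a URL (for example echoed by a
    helper script) is also masked.
    """
    out = _URL_WITH_USERINFO.sub(lambda m: redact_url_credentials(m.group(0)), text)
    for secret in known_secrets:
        if secret:
            out = out.replace(secret, MASK)
    return out


def safe_return_value(exc: BaseException, known_secrets=()) -> str:
    """Build a job return value from a failed sync exception without leaking credentials."""
    return redact_secrets(str(exc), known_secrets)


# Constructed sample: the shape of a git client error for a failed HTTPS clone
# against an Azure DevOps remote, with a fake token embedded in the remote URL.
FAKE_TOKEN = "AbCdEf1234567890"
GIT_ERROR = (
    "Cmd('git') failed due to: exit code(128)\n"
    f"  cmdline: git clone -v -- https://jeffkala:{FAKE_TOKEN}@dev.azure.com/org/project/_git/repo /tmp/repo\n"
    "  stderr: 'fatal: Authentication failed for 'https://dev.azure.com/org/project/_git/repo/''"
)


def demo() -> str:
    """Redact the constructed error as a job would before storing its return value."""
    return safe_return_value(RuntimeError(GIT_ERROR), known_secrets=[FAKE_TOKEN])


if __name__ == "__main__":
    print(demo())
```

The two layers are deliberate: URL redaction needs no knowledge of the secret and covers the usual case, while the `known_secrets` pass covers anything the URL parser cannot see. Apply the redaction at the point where the exception text is turned into a stored or logged value, not only in the UI, since the unredacted string would otherwise still be persisted in the database and in any log shipping pipeline.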

jeffkala added the labels "type: bug" and "triage" on Oct 17, 2023.
glennmatthews added the label "emergent" and removed "triage" on Oct 19, 2023.
jathanism self-assigned this on Oct 19, 2023.
github-actions bot locked the issue as resolved and limited conversation to collaborators on Jan 22, 2024.