Callback: removing args from task_fields from Sumologic and Splunk pl…

…ugin(ansible#63527)

CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs

Fixes ansible#63522

Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

changelogs/fragments/63522-remove-args-from-sumologic-and-splunk-callbacks.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - '**security issue** - Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)'

lib/ansible/plugins/callback/splunk.py

@@ -98,6 +98,9 @@ def send_event(self, url, authtoken, state, result, runtime):
         else:
             ansible_role = None
 
+        if 'args' in result._task_fields:
+            del result._task_fields['args']
+
         data = {}
         data['uuid'] = result._task._uuid
         data['session'] = self.session

lib/ansible/plugins/callback/sumologic.py

@@ -89,6 +89,9 @@ def send_event(self, url, state, result, runtime):
         else:
             ansible_role = None
 
+        if 'args' in result._task_fields:
+            del result._task_fields['args']
+
         data = {}
         data['uuid'] = result._task._uuid
         data['session'] = self.session