New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not leak the GALAXY11_PASSWORD value into the log file #2985
Conversation
In verify/GALAXY11/default/420_login_to_galaxy_and_setup_environment.sh run commands that deal with GALAXY11_PASSWORD in a confidential way via { confidential_command ; } 2>/dev/null to not leak the GALAXY11_PASSWORD value into the log file, cf. #2156
verify/GALAXY11/default/420_login_to_galaxy_and_setup_environment.sh
|
Do not run more confidentially than what actually needs to run confidentially
@jsmeix a comparison actual master version:
your version:
In my opinion, it is very good to hide the credentials so that they are not uploaded by mistake. Otherwise, in some places it may be useful to see them. But by default this should be disabled. This could be activated by an additional CMD line parameter (see 2967). |
@codefritzel |
@rear/contributors I know that with
there are no longer any 'qlogin' stderr messages in the log I think it is sufficient to see that 'qlogin' fails In general user data is sacrosanct so |
You could add an error messages saying that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine with it. FYI, we wanted to switch this over the use UserInput
to gather the login credentials so that --non-interactive
would also catch it
Better Error() message when 'qlogin' failed, cf. #2985 (comment)
A side note FYI: My recent
How bash behaves with $? versus $PIPESTATUS:
This is because '!' is a reserverd word in bash
Excerpts from "man bash" (GNU bash version 4.4.23)
|
As an addedum to make the code easier to read |
Type: Bug Fix
Impact: Critical
Reference to related issue (URL):
Do not log BACKUP_PROG_CRYPT_KEY value (issue 2155) #2156
How was this pull request tested?
I cannot test it because I do not have the needed backup software
Brief description of the changes in this pull request:
In
verify/GALAXY11/default/420_login_to_galaxy_and_setup_environment.sh
run commands that deal with GALAXY11_PASSWORD
in a confidential way via
to not leak the GALAXY11_PASSWORD value into the log file