New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Console logs secure env value when parsing fails #1775
Comments
See also #825, #1145 and #1722. I'm a bit torn on how to fix this. The obvious way seems to be to add a bit of escaping in the travis CLI, but if you look at #1722 that has issues as well. If there is a way to do a syntax check on a bash script before running it, that may be the best thing to do, and just fail with an error if there is a syntax check. The way to fix this, by the way, is to use |
Yes, given that the problem only occurs when the user has incorrectly On 28 December 2013 16:04, Henrik Hodne notifications@github.com wrote:
|
Agreed, that would probably be a good workaround too. Right now, the correct way of getting a log cleared is to email support, but we have a “delete build” feature on the roadmap: #877. |
I am a big fan of adding a 'delete log' feature as several requests to remove builds have been because of security issues with the logs. I would actually favour this feature over #877 |
I agree. Opened #1791 for that. |
Is there anything to do on this ticket? |
I think we are still considering adding "filtering" of some sort, removing the values of encrypted environment variables from the logs if they are accidentally printed. There's also the question of automatically escaping the variables in |
Personally I'm not in favour of us filtering the logs as the concept of log parts makes filtering hard and complicated. The 'remove log' feature should help in cases where secure vars are exported in clear text when they shouldn't. |
In theory, filtering logs would allow an attack, if the attacker could On Tue, Jul 22, 2014 at 12:32 AM, Josh Kalderimis notifications@github.com
|
Not necessarily, the log could be output from a curl command, for instance. |
bash -n |
@henrikhodne @BanzaiMan Any progress on this issue? I just had my hosting environment access token exposed due to a malformed character in the string. I purged my log but it is still concerning that secrets are exposed (and this issue is 18mos old and still unresolved) even though the information entered the system in a protected state. Thank you guys. |
I configured a (apparently malformed) secure variable via the settings in Travis, why can't that be checked before it is saved? |
Hello everyone! Would it not be possible to export these values before the build begins and re-export them for verbosity and clerical purposes? I am happy with any way you manage to fix this, as this seems to be a critical security error, because it's easy to use robots to divulge logs that have partially leaked a secret in public. |
I've opened the PR to at least partially address this issue. I welcome comments there. Thank you! |
I'm closing this now. We now send If you see a similar issue going forward, please open a new issue. Thank you! |
The PR was reverted. |
The fix is easy, just escape them as literal strings like everyone else. That's it. Spent the entire afternoon scratching my head before figuring out why my URLs weren't working. |
travis-ci/travis-build#942 is live. Accidental leakage is far less likely now. I'm closing this. |
Put an "unexpected value" character in a secure env variable and that variable will be logged at the console.
e.g. the encrypted value
PASSWORD=winnie(the pooh)
might becomeAt build time this will log:
The text was updated successfully, but these errors were encountered: