Prevent Leaking Passwords to the Log [master]

[shundhammer]

Target Branch

This is for master, i.e. Factory, Tumbleweed and the Agama images.

A backport to SLE-15-SP5 and -SP6 will follow.

Bugzilla

https://bugzilla.suse.com/show_bug.cgi?id=1225432

Problem

Passwords may be leaked to the log.

Cause

When the configuration is written to file, it is also logged completely to the y2log. This includes any passwords that the user entered when configuring iSCSI.

Unfortunately, the config class is just a very thin wrapper around an array of hashes, not a real class with dedicated fields, so we cannot use the secret_attr method that we use in other places.

Fix

Don't log the complete configuration, only the fact that is was written.

The log format is unwieldy and very hard to read for a human anyway, so it's not very useful to log it in the first place.

Related Branches

• Backport to SLE-15-SP5: Prevent Leaking Passwords to the Log [SLE-15-SP5]  #129
• Backport to SLE-15-SP6: Prevent Leaking Passwords to the Log [SLE-15-SP6] #130

[coveralls]

Pull Request Test Coverage Report for Build 9268836373

Details

• 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 30.47%

---

Totals
Change from base Build 6769252335:	0.0%
Covered Lines:	791
Relevant Lines:	2596

---

💛 - Coveralls

[yast-bot]

✔️ Internal Jenkins job #33 successfully finished
✔️ Created OBS submit request #1177328