Pattern: oslo config option not marked secret=True
Issue: -
Passwords are sensitive and must be protected appropriately. In OpenStack Oslo
there is an option to mark options "secret", which ensures that they are
not logged. This plugin detects usages of oslo configuration functions that
appear to deal with strings ending in "password" and flags usages where they
have not been marked secret.
Example of insecure code:
cfg.StrOpt('admin_password', help="User's password")
Example of secure code:
cfg.StrOpt('admin_password', secret=True, help="User's password")
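
The check described above can be sketched with Python's standard ast module. This is an added example, not the plugin's own code. The function name, the OPT_FUNCS set and the sample source are assumptions made for illustration; the page itself only names cfg.StrOpt.

```python
import ast

# Assumption: constructors to inspect. The page only shows cfg.StrOpt.
OPT_FUNCS = {"StrOpt"}


def find_unmarked_password_opts(source):
    """Return sorted (lineno, option_name) pairs for password options
    that are not declared with the literal keyword secret=True."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Accept both cfg.StrOpt(...) and a bare imported StrOpt(...).
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in OPT_FUNCS or not node.args:
            continue
        first = node.args[0]
        # Only literal option names can be judged statically.
        if not (isinstance(first, ast.Constant) and isinstance(first.value, str)):
            continue
        if not first.value.lower().endswith("password"):
            continue
        secret = next((kw.value for kw in node.keywords if kw.arg == "secret"), None)
        # Design choice of this sketch: anything other than a literal True
        # (missing, False, or a variable) is reported.
        if not (isinstance(secret, ast.Constant) and secret.value is True):
            findings.append((node.lineno, first.value))
    return sorted(findings)


# Constructed sample input; it is parsed, never imported or executed.
SAMPLE = '''
from oslo_config import cfg
opts = [
    cfg.StrOpt('admin_password', help="User's password"),
    cfg.StrOpt('admin_password', secret=True, help="User's password"),
    cfg.StrOpt('ldap_password', secret=False),
    cfg.StrOpt('admin_user'),
]
'''

if __name__ == "__main__":
    for lineno, opt in find_unmarked_password_opts(SAMPLE):
        print(f"line {lineno}: option '{opt}' is not marked secret=True")
```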