Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sensitive variables printed when exec fails #3216

Open
mikravn opened this issue Sep 3, 2024 · 3 comments
Open

Sensitive variables printed when exec fails #3216

mikravn opened this issue Sep 3, 2024 · 3 comments
Assignees
@hgupta12
Labels
bug Oops, sorry! good first issue Good for new contributors help wanted Good for someone who has contributed before

Comments

@mikravn
Copy link

mikravn commented Sep 3, 2024

Describe the bug

When exec runs with sensitive arguments, and the command returns a bad exit code (e.g. a script or program) it dumps sensitive values in errout. It is not expected that sensitive variables are printed in plain text.

To Reproduce

Run porter build && porter install with the following porter.xml:

schemaType: Bundle

schemaVersion: 1.0.1

name: porter-hello

version: 0.1.0

description: "An example Porter configuration"

registry: "localhost:5000"

mixins:
  - exec

parameters:
  - name: secret
    type: string
    default: "---I AM A SECRET VALU1E---"
    sensitive: true

install:
  - exec:
      command: false # /bin/false is a simple way to reproduce, but this could be a program or script.
      arguments:
        - "${bundle.parameters.secret}"
        
upgrade:
  - exec:
      command: true

uninstall:
  - exec:
      command: true

Expected behavior

The sensitive value should never be logged out in plain text.

Porter Command and Output

Cmd:

porter build && porter install

Output:

[ ... build output cut as not relevant ...]
Just-in-time resolving credentials...
Just-in-time resolving parameters...
executing install action from porter-hello (installation: /porter-hello)
error running command /cnab/app /usr/bin/false *******: exit status 1
Error: error running command /cnab/app /usr/bin/false *******: exit status 1
1 error occurred:
        * mixin execution failed: package command failed /cnab/app/cnab/app/mixins/exec/runtimes/exec-runtime install
error running command /cnab/app /usr/bin/false ---I AM A SECRET VALU1E---: exit status 1
Error: error running command /cnab/app /usr/bin/false ---I AM A SECRET VALU1E---: exit status 1



1 error occurred:
        * mixin execution failed: package command failed /cnab/app/cnab/app/mixins/exec/runtimes/exec-runtime install
error running command /cnab/app /usr/bin/false ---I AM A SECRET VALU1E---: exit status 1
Error: error running command /cnab/app /usr/bin/false ---I AM A SECRET VALU1E---: exit status 1



1 error occurred:
        * container exit code: 1, message: <nil>

Version

porter v1.1.0 (b50c189)
@mikravn mikravn added the bug Oops, sorry! label Sep 3, 2024
@schristoff schristoff added help wanted Good for someone who has contributed before good first issue Good for new contributors labels Sep 5, 2024
@hgupta12
Copy link

hgupta12 commented Sep 6, 2024

Can I take up this issue?

@kichristensen
Copy link
Contributor

@hgupta12 Sorry for the late reply. It would be great if you would take a look it, just let us know if you need any help or guidance.

@hgupta12
Copy link

@kichristensen Sure! Could you please assign it to me?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hgupta12 hgupta12

Labels
bug Oops, sorry! good first issue Good for new contributors help wanted Good for someone who has contributed before
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kichristensen @mikravn @schristoff @hgupta12