openstack/mistral-lib
Code Issues Proposed changes
Files
master
mistral-lib/releasenotes/notes/mask-password-6899d868d213f722.yaml
Cédric Jeanneret f51d2a21c0 Ensure we mask sensitive data from Mistral Action logs 
Mistral didn't make use of the oslo_utils "mask_password" methods,
leading in sensitive data leakage in its logs.

This patch corrects this security issue.
Note that it depends on oslo_utils patch adding new patterns, and
ensuring it's case-insensitive.

Change-Id: I544d3c172f2dea02c62c49c311c4b5954413ae15
Related-Bug: #1850843
Co-Authored-By: Dougal Matthews <dougal@redhat.com>
Signed-off-by: Cédric Jeanneret <cjeanner@redhat.com>
2019-11-05 10:35:16 +00:00

6 lines
143 B
YAML
Raw Permalink Blame History

---
security:
- Ensure we mask sensitive data before logging Action return values
fixes:
- https://bugs.launchpad.net/tripleo/+bug/1850843
View Git Blame Copy Permalink