You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A side-issue from #3462 that we should also ideally fix: sos can print upload user credentials with password in plaintext to standard output - esp. when the upload fails. Then the engineer can easily provide (as a help to diagnose the upload failure) also their password, like:
# sos report --upload-url https://user:PASSWORD@URL --batch
..
Attempting upload to https://user:PASSWORD@URL
Upload attempt failed: ..
We should ideally obfuscate the PASSWORD there. Despite such password leak can happen only when engineer manually copies standard output, it is a weakness that can happen and we should prevent it.
A side-issue from #3462 that we should also ideally fix:
soscan print upload user credentials with password in plaintext to standard output - esp. when the upload fails. Then the engineer can easily provide (as a help to diagnose the upload failure) also their password, like:We should ideally obfuscate the
PASSWORDthere. Despite such password leak can happen only when engineer manually copies standard output, it is a weakness that can happen and we should prevent it.This means
get_upload_url_stringmethod inLinuxPolicyneeds to obfuscate a password if present, similarly like #3463 does, andRHELPolicy+UbuntuPolicyshould call that method as a fallback (cf. https://github.com/sosreport/sos/blob/main/sos/policies/distros/redhat.py#L309 and https://github.com/sosreport/sos/blob/main/sos/policies/distros/ubuntu.py#L88).The text was updated successfully, but these errors were encountered: