Password used by plugin shows up in debug mode
Bug #1501598 reported by
Lin Hua Cheng
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
Fix Released
|
High
|
Lin Hua Cheng |
Bug Description
Steps to reproduce:
1. Run OSC in debug mode.
Expected result:
Password should not show up
Actual result:
Password shows up
Output from terminal running OSC command:
$ openstack account set --property test=me --debug
START with options: ['account', 'set', '--property', 'test=me', '--debug']
...
compute API version 2, cmd group openstack.
...
command: account set -> openstackclient
Auth plugin osc_password selected
Password:
auth_type: osc_password
Using auth plugin: osc_password
Using parameters {'username': 'admin', 'tenant_name': 'admin', 'project_name': 'admin', 'password': '<PASSWORD LOGGED!!!>', 'auth_url': 'http://
description: | updated |
Changed in python-openstackclient: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in python-openstackclient: | |
milestone: | none → next |
Changed in python-openstackclient: | |
milestone: | next → none |
Changed in python-openstackclient: | |
milestone: | none → 1.9.0 |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
the code in question is here: https:/ /github. com/openstack/ python- openstackclient /blob/9c492b742 d1128bfb8ac2918 89e1e5d6c9d25b8 8/openstackclie nt/common/ clientmanager. py#L170
is there a standard for blocking out any field that contains the key 'password' or 'secret'? I feel like there are probably fields aside from password that should be blocked out