Callback: removing args from task_fields from Sumologic and Splunk plugin(#63527)

CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs

Fixes #63522

Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

2 files changed, 6 insertions, 0 deletions

diff --git a/lib/ansible/plugins/callback/splunk.py b/lib/ansible/plugins/callback/splunk.py
index 26b5d1d885..4f0e7eec3c 100644
--- a/lib/ansible/plugins/callback/splunk.py
+++ b/lib/ansible/plugins/callback/splunk.py
@@ -98,6 +98,9 @@ class SplunkHTTPCollectorSource(object):
         else:
             ansible_role = None
 
+        if 'args' in result._task_fields:
+            del result._task_fields['args']
+
         data = {}
         data['uuid'] = result._task._uuid
         data['session'] = self.session
diff --git a/lib/ansible/plugins/callback/sumologic.py b/lib/ansible/plugins/callback/sumologic.py
index 4a2bd0b5bb..22e217f0b5 100644
--- a/lib/ansible/plugins/callback/sumologic.py
+++ b/lib/ansible/plugins/callback/sumologic.py
@@ -89,6 +89,9 @@ class SumologicHTTPCollectorSource(object):
         else:
             ansible_role = None
 
+        if 'args' in result._task_fields:
+            del result._task_fields['args']
+
         data = {}
         data['uuid'] = result._task._uuid
         data['session'] = self.session