diff options
author | James Falcon <james.falcon@canonical.com> | 2022-06-29 17:27:44 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-29 17:27:44 -0500 |
commit | 4d467b14363d800b2185b89790d57871f11ea88c (patch) | |
tree | 0207990d11767d67bde5099d5526e4c598cf9615 /cloudinit/cmd | |
parent | 4eab80c9db89fcdae4d16c33d8f123cfa1aa62dd (diff) | |
download | cloud-init-git-4d467b14363d800b2185b89790d57871f11ea88c.tar.gz |
Remove schema errors from log (#1551)
When schema errors are encountered, the section of userdata in question
gets printed to the cloud-init log. As this could contain sensitive
data, so log a generic warning instead and redirect user to run
cloud-init schema --system as root.
LP: #1978422
CVE: 2022-2084
Diffstat (limited to 'cloudinit/cmd')
-rwxr-xr-x | cloudinit/cmd/main.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/cloudinit/cmd/main.py b/cloudinit/cmd/main.py index c6303478..4f157870 100755 --- a/cloudinit/cmd/main.py +++ b/cloudinit/cmd/main.py @@ -455,7 +455,9 @@ def main_init(name, args): # Validate user-data adheres to schema definition if os.path.exists(init.paths.get_ipath_cur("userdata_raw")): - validate_cloudconfig_schema(config=init.cfg, strict=False) + validate_cloudconfig_schema( + config=init.cfg, strict=False, log_details=False + ) else: LOG.debug("Skipping user-data validation. No user-data found.") |