authorSalim Afiune <afiune@chef.io>2016-12-21 10:30:55 -0500
committerSalim Afiune <afiune@chef.io>2016-12-22 12:43:10 -0500
commit1b60195f4cb7ec5414ceb8543fc9a41c1ba4b73b (patch)
tree93d86c65378c5264cca6f7756030af0dfb1cdb42
parent30138f63819899b676cfcdef8b00e3ed132e601e (diff)
downloadchef-1b60195f4cb7ec5414ceb8543fc9a41c1ba4b73b.tar.gz
Transform sensitive resources before report them
COOL-642/ZD 12936 - Chef Manage Run History compromises sensitive data Before this commit we were sending sensitive resource information to Reporting and therefore you were able to see the sensitive data on the Run History in the Chef Manage Console. This commit fixes this problem: it now transforms any sensitive resource to display the word `*sensitive*` instead of the actual data. As we are inserting these values directly into the database, this change will cascade all the way to the front-end. Catch: Old data that was already reported and is displaying sensitive data will continue to be displayed. Apologize. Signed-off-by: Salim Afiune <afiune@chef.io>
-rw-r--r--lib/chef/resource_reporter.rb21
-rw-r--r--spec/unit/resource_reporter_spec.rb24
2 files changed, 45 insertions, 0 deletions
diff --git a/lib/chef/resource_reporter.rb b/lib/chef/resource_reporter.rb
index 8422870e2a..83787818b8 100644
--- a/lib/chef/resource_reporter.rb
+++ b/lib/chef/resource_reporter.rb
@@ -198,11 +198,32 @@ class Chef
def resource_completed(new_resource)
if @pending_update && !nested_resource?(new_resource)
@pending_update.finish
+
+ # Verify if the resource has sensitive data
+ if @pending_update.new_resource.sensitive
+ sensitive_resource = transform_sensitive_resource(@pending_update.new_resource)
+ @pending_update.new_resource = sensitive_resource
+ end
@updated_resources << @pending_update
@pending_update = nil
end
end
+ def transform_sensitive_resource(resource)
+ mock_display = '*sensitive*'
+
+ # Every resource has a name
+ resource.name(mock_display)
+ # For Execute Resources
+ resource.command(mock_display) if defined? resource.command
+ # For File Resources
+ resource.content(mock_display) if defined? resource.content
+ # For Template Resources
+ resource.variables({'data' => mock_display}) if defined? resource.variables
+
+ resource
+ end
+
def run_completed(node)
@status = "success"
post_reporting_data
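Review bot: `transform_sensitive_resource` rewrites the live resource object in place (the `resource.name(mock_display)`, `resource.command(...)`, `resource.content(...)` and `resource.variables(...)` calls), so the redaction leaks back into the run's resource collection after `resource_completed`, and anything that later looks the resource up or inspects it by name will see `*sensitive*` instead of the converged values; passing a copy keeps the masking confined to the report: `sensitive_resource = transform_sensitive_resource(@pending_update.new_resource.dup)`. The masking is also a fixed list of four properties, so any other attribute the report serializes (an execute resource's `environment`, for instance) would still reach Reporting unredacted, and if `@pending_update` also carries a `current_resource` whose state is emitted as `before`, that side is not transformed here at all — the method deserves a header comment stating exactly which properties are covered and that `current_resource` is out of scope. `defined? resource.command` does detect a public method, but `resource.respond_to?(:command)` is the idiomatic check and is what a reader expects. The `mock_display` literal uses single quotes while the rest of this file uses double quotes (`@status = "success"`).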
diff --git a/spec/unit/resource_reporter_spec.rb b/spec/unit/resource_reporter_spec.rb
index f951c62b94..e896aac4d7 100644
--- a/spec/unit/resource_reporter_spec.rb
+++ b/spec/unit/resource_reporter_spec.rb
@@ -265,6 +265,30 @@ describe Chef::ResourceReporter do
@resource_reporter.run_started(@run_status)
end
+ context "when the new_resource is sensitive" do
+ before do
+ @execute_resource = Chef::Resource::Execute.new("my sensitive execute block")
+ @execute_resource.name('sensitive-resource')
+ @execute_resource.command('echo "password: SECRET"')
+ @execute_resource.sensitive(true)
+ @resource_reporter.resource_action_start(@execute_resource, :run)
+ @resource_reporter.resource_current_state_loaded(@execute_resource, :run, @current_resource)
+ @resource_reporter.resource_updated(@execute_resource, :run)
+ @resource_reporter.resource_completed(@execute_resource)
+ @run_status.stop_clock
+ @report = @resource_reporter.prepare_run_data
+ @first_update_report = @report["resources"].first
+ end
+
+ it "resource_name in prepared_run_data should be transformed" do
+ expect(@first_update_report["name"]).to eq('*sensitive*')
+ end
+
+ it "resource_command in prepared_run_data should be transformed" do
+ expect(@first_update_report["after"]).to eq({:command=>"*sensitive*"})
+ end
+ end
+
context "when the new_resource does not have a string for name and identity" do
context "the new_resource name and id are nil" do
before do