ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

bitbucket_pipeline_variable: Hide secured values in console log (#1635) (#1637)

Browse source 
**SECURITY** - CVE-2021-20180

Hide user sensitive information which is marked as ``secured``
while logging in console.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 1d0c5e2ba4)

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
patchback[bot] 2021-01-14 16:04:27 +01:00 committed by GitHub
parent 4c9c8e0514
commit a3f08377b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/cve_bitbucket_pipeline_variable.yml Normal file
View file

@ -0,0 +1,2 @@
security_fixes:
- 'bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).'

12
plugins/modules/source_control/bitbucket/bitbucket_pipeline_variable.py
View file

@ -85,7 +85,7 @@ EXAMPLES = r'''
RETURN = r''' # '''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.basic import AnsibleModule, _load_params
from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
error_messages = {
@ -211,6 +211,14 @@ def delete_pipeline_variable(module, bitbucket, variable_uuid):
))
class BitBucketPipelineVariable(AnsibleModule):
def __init__(self, *args, **kwargs):
params = _load_params() or {}
if params.get('secured'):
kwargs['argument_spec']['value'].update({'no_log': True})
super(BitBucketPipelineVariable, self).__init__(*args, **kwargs)
def main():
argument_spec = BitbucketHelper.bitbucket_argument_spec()
argument_spec.update(
@ -221,7 +229,7 @@ def main():
secured=dict(type='bool', default=False),
state=dict(type='str', choices=['present', 'absent'], required=True),
)
module = AnsibleModule(
module = BitBucketPipelineVariable(
argument_spec=argument_spec,
supports_check_mode=True,
)