1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add no_log to some module arguments (#1725)

* Add no_log to some module arguments

This will prevent potentially sensitive information from being printed to
the console.

See: CVE-2021-20191

* Update changelogs/fragments/CVE-2021-20191_no_log.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
David Moreau Simard 2021-02-04 15:02:21 -05:00 committed by GitHub
parent 2297f2f802
commit ae8edc02e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 4 deletions

View file

@ -0,0 +1,4 @@
security_fixes:
- module_utils/_netapp, na_ontap_gather_facts - enabled ``no_log`` for the options ``api_key`` and ``secret_key`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
- module_utils/identity/keycloak, keycloak_client, keycloak_clienttemplate, keycloak_group - enabled ``no_log`` for the option ``auth_client_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).
- utm_proxy_auth_profile - enabled ``no_log`` for the option ``frontend_cookie_secret`` to prevent accidental disclosure (CVE-2021-20191, https://github.com/ansible-collections/community.general/pull/1725).

View file

@ -142,8 +142,8 @@ def aws_cvs_host_argument_spec():
return dict(
api_url=dict(required=True, type='str'),
validate_certs=dict(required=False, type='bool', default=True),
api_key=dict(required=True, type='str'),
secret_key=dict(required=True, type='str')
api_key=dict(required=True, type='str', no_log=True),
secret_key=dict(required=True, type='str', no_log=True)
)

View file

@ -58,7 +58,7 @@ def keycloak_argument_spec():
auth_keycloak_url=dict(type='str', aliases=['url'], required=True),
auth_client_id=dict(type='str', default='admin-cli'),
auth_realm=dict(type='str', required=True),
auth_client_secret=dict(type='str', default=None),
auth_client_secret=dict(type='str', default=None, no_log=True),
auth_username=dict(type='str', aliases=['username'], required=True),
auth_password=dict(type='str', aliases=['password'], required=True, no_log=True),
validate_certs=dict(type='bool', default=True)

View file

@ -336,7 +336,7 @@ def main():
backend_user_suffix=dict(type='str', required=False, default=""),
comment=dict(type='str', required=False, default=""),
frontend_cookie=dict(type='str', required=False),
frontend_cookie_secret=dict(type='str', required=False),
frontend_cookie_secret=dict(type='str', required=False, no_log=True),
frontend_form=dict(type='str', required=False),
frontend_form_template=dict(type='str', required=False, default=""),
frontend_login=dict(type='str', required=False),