  1. Puppet
  2. PUP-6627

Puppet file `show_diff` setting leaks information

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.6.1
    • Component/s: None
    • Labels:
      None
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Prior to this change, `--show_diff` for `puppet agent` and `puppet apply` could problematically show redacted data when a resource contained a Sensitive data type.

      Description

      Because the sensitive data support in the transaction doesn't propagate through all possible log points, types and providers can leak information by logging arbitrary information at arbitrary points. This is especially problematic because of the `show_diff` setting for files; files are the most common point where sensitive information may be leaked and `show_diff` bypasses this.

      In the short term we should have special handling for diffing so that when a diff is potentially generated we check to see if the property being diffed is sensitive and redact it accordingly.
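
The short-term handling proposed in the description, modelled as a self-contained Ruby sketch. This is an added example, not Puppet's source or the reporter's code; `FileResource`, `sync_leaky`, `sync_guarded` and the sample values are hypothetical. It shows a run whose change message is redacted while the diff still prints the secret, next to a version that checks sensitivity where the diff is generated.

```ruby
# Added illustration, not Puppet source; every name here is hypothetical.
REDACTED = '[redacted]'
# Stand-in for a file resource and the list of its sensitive properties.
FileResource = Struct.new(:path, :content, :sensitive) do
  def sensitive?(property)
    sensitive.include?(property)
  end
end

# Tiny line diff, enough to show what a diff log line exposes.
def line_diff(old_text, new_text)
  old_lines = old_text.lines.map(&:chomp)
  new_lines = new_text.lines.map(&:chomp)
  removed = (old_lines - new_lines).map { |l| "-#{l}" }
  added = (new_lines - old_lines).map { |l| "+#{l}" }
  (removed + added).join("\n")
end

# Change-event message: this log point already honours the sensitive flag.
def change_message(resource)
  shown = resource.sensitive?(:content) ? REDACTED : resource.content.inspect
  "#{resource.path}: content changed to #{shown}"
end

# Before (show_diff on): the diff is a second log point that never consults the flag.
def sync_leaky(resource, current, log)
  log << line_diff(current, resource.content)
  log << change_message(resource)
end

# After (show_diff on): check sensitivity at the point where a diff would be generated.
def sync_guarded(resource, current, log)
  sensitive = resource.sensitive?(:content)
  log << (sensitive ? "diff #{REDACTED}" : line_diff(current, resource.content))
  log << change_message(resource)
end

# Constructed sample data; the values are placeholders, not real secrets.
SECRET = 'password=example-not-a-real-secret'
OLD = "user=app\npassword=old-example\n"
RES = FileResource.new('/etc/myapp/db.conf', "user=app\n#{SECRET}\n", [:content])

# Run one sync variant and return the log lines it produced.
def run(sync, resource = RES)
  log = []
  send(sync, resource, OLD, log)
  log
end
puts run(:sync_leaky), '---', run(:sync_guarded) if __FILE__ == $PROGRAM_NAME
```

Note that the unguarded diff exposes the previous value as well as the new one, which is why the guarded version drops the whole diff rather than masking individual lines.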


              People

              • Assignee:
                Unassigned
                Reporter:
                adrien Adrien Thebo