Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1511757 - [OSP12] callback_plugins/ doesn't sanitize input
Summary: [OSP12] callback_plugins/ doesn't sanitize input
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-validations
Version: 11.0 (Ocata)
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: 12.0 (Pike)
Assignee: RHOS Maint
QA Contact: nlevinki
Depends On:
Blocks: 1511758 1511759
TreeView+ depends on / blocked
Reported: 2017-11-10 03:25 UTC by Summer Long
Modified: 2019-01-18 17:03 UTC (History)
7 users (show)

Fixed In Version: openstack-tripleo-validations-9.1.1-0.20180706135914.d21e7fa.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1511758 1511759 (view as bug list)
Last Closed: 2019-01-18 17:03:00 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
OpenStack gerrit 537417 None None None 2018-01-24 15:26:20 UTC

Description Summer Long 2017-11-10 03:25:52 UTC
Description of problem:
Callback plugins should use the CallbackBase._dump_results() method for no_log to take effect (and not just use raw results).  

However, there are two lines in: 
which use raw results, and which could be an issue if those results are expected to hold secrets.

def v2_runner_on_ok
        results = result._result  # A dict of the module name etc.
def v2_runner_on_failed
        result_dict = result._result  # A dict of the module name etc.

Unless results in these two lines are expected to hold secrets, this should just be a hardening bug.

Version-Release number of selected component (if applicable):

Expected results:
Should do something like: self._dump_results(result._result)

Note You need to log in before you can comment on or make changes to this bug.