Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-3591

Quay 3.7.0 APP POD log should not print the credentials of remote registry in clear text

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • quay-v3.7.0
    • quay-v3.7.0
    • quay
    • 0

      Description:

      This is an issue found when pull image from cache, after configured the username/password in proxy server configuration, after pull image from cache successfully, checked Quay APP POD logs, found quay print the credentials of remote registry in clear text, suggest fix this security issue.

      The expected behavior should be replace the original password with ***** in Quay APP POD logs.

      Quay Image: quay-operator-bundle-container-v3.7.0-73

      gunicorn-web stdout | 2022-04-14 05:44:55,094 [217] [DEBUG] [app] Ending request: urn:request:c2cbd939-75e2-4aca-bb31-29cf5f1fb17f (/api/v1/organization/testpullcache/validateproxycache) {'endpoint': 'api.proxycacheconfigvalidation', 'request_id': 'urn:request:c2cbd939-75e2-4aca-bb31-29cf5f1fb17f', 'remote_addr': '10.128.2.12', 'http_method': 'POST', 'original_url': 'https://quay370.apps.quayperf370.perfscale.devcluster.openshift.com/api/v1/organization/testpullcache/validateproxycache', 'path': '/api/v1/organization/testpullcache/validateproxycache', 'parameters': {}, 'json_body': {'org_name': 'testpullcache', 'expiration_s': 86400, 'insecure': False, 'upstream_registry': 'quay.io', 'upstream_registry_username': 'lzha', 'upstream_registry_password': 'uX3PstjZ7Ei6qXqlL1psgxpVNfspjj34l9LG/WbUM3VPEBVhgRVxnUlUfsMjTtZ/'}, 'confsha': 'c4bb8bce', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0'}

            fmissi Flavian Missi
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: