-
Bug
-
Resolution: Done
-
Critical
-
quay-v3.7.0
Description:
This is an issue found when pull image from cache, after configured the username/password in proxy server configuration, after pull image from cache successfully, checked Quay APP POD logs, found quay print the credentials of remote registry in clear text, suggest fix this security issue.
The expected behavior should be replace the original password with ***** in Quay APP POD logs.
Quay Image: quay-operator-bundle-container-v3.7.0-73
gunicorn-web stdout | 2022-04-14 05:44:55,094 [217] [DEBUG] [app] Ending request: urn:request:c2cbd939-75e2-4aca-bb31-29cf5f1fb17f (/api/v1/organization/testpullcache/validateproxycache) {'endpoint': 'api.proxycacheconfigvalidation', 'request_id': 'urn:request:c2cbd939-75e2-4aca-bb31-29cf5f1fb17f', 'remote_addr': '10.128.2.12', 'http_method': 'POST', 'original_url': 'https://quay370.apps.quayperf370.perfscale.devcluster.openshift.com/api/v1/organization/testpullcache/validateproxycache', 'path': '/api/v1/organization/testpullcache/validateproxycache', 'parameters': {}, 'json_body': {'org_name': 'testpullcache', 'expiration_s': 86400, 'insecure': False, 'upstream_registry': 'quay.io', 'upstream_registry_username': 'lzha', 'upstream_registry_password': 'uX3PstjZ7Ei6qXqlL1psgxpVNfspjj34l9LG/WbUM3VPEBVhgRVxnUlUfsMjTtZ/'}, 'confsha': 'c4bb8bce', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0'}