OpenShift Pipelines / SRVKP-3761

Hiding secrets on the github interface for snippet may leak secret suffix

       In this release we resolve an issue related to hiding secrets in logs (shown on the git provider interface in case of failures) in cases where multiple secrets share the same prefix and are logged onto the git interface. The fix ensures that when concealing secrets in logs, the process now starts from the longest secret and proceeds to the shortest. This prevents a situation where the shortest secret with a common prefix could be hidden first, potentially leaking the end of the longer secret.
    • Bug Fix
    • Pipelines Sprint 251

      Description of problem:

      When we have multiple secrets with the same prefix and the shortest one is detected first, the shortest secret will be hidden but the rest of the string from the longest one will leak.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

       

       

      Actual results:

      Expected results:

      Reproducibility (Always/Intermittent/Only Once)

      Multiple secrets are attached to a PipelineRun: the first attached secret is called secret and the second attached secret is called secret-is-secret.

      If you output those secrets in the logs with a failure, pac will output a snippet; that snippet needs to have those two secrets properly hidden with "****".

      Acceptance criteria: 

       

      Definition of Done:

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):
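
      The ordering problem described in this issue, as an added Go example (not the Pipelines as Code implementation). The function names, the sample snippet text and the use of the two strings from the issue as secret values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// maskInOrder replaces every occurrence of each secret with "****",
// walking the list in the order given (hypothetical helper that models
// the behaviour described in the issue).
func maskInOrder(text string, secrets []string) string {
	for _, s := range secrets {
		if s == "" {
			continue // an empty value would match at every position
		}
		text = strings.ReplaceAll(text, s, "****")
	}
	return text
}

// maskLongestFirst sorts a copy of the secrets by descending length
// before masking, so a short secret that is a prefix of a longer one
// can never split the longer value and leave its tail in the output.
func maskLongestFirst(text string, secrets []string) string {
	sorted := append([]string(nil), secrets...) // leave caller's slice untouched
	sort.SliceStable(sorted, func(i, j int) bool {
		return len(sorted[i]) > len(sorted[j])
	})
	return maskInOrder(text, sorted)
}

func main() {
	// Constructed sample: the two strings from the issue used as values,
	// attached in the order that triggers the leak (shortest first).
	secrets := []string{"secret", "secret-is-secret"}
	snippet := "error: auth failed with token secret-is-secret (fallback secret)"

	fmt.Println("attachment order:", maskInOrder(snippet, secrets))
	fmt.Println("longest first:   ", maskLongestFirst(snippet, secrets))
}
```

      With attachment order, the remainder of the longer value stays readable between the masks; with longest-first ordering both values are fully replaced.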

       


              cboudjna@redhat.com Chmouel Boudjnah
              Savita . Savita .