mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-10-23 12:33:59 -07:00
bitbucket_pipeline_variable: Hide secured values in console log (#1635)
**SECURITY** - CVE-2021-20180 Hide user sensitive information which is marked as ``secured`` while logging in console. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
parent
a9c64655de
commit
1d0c5e2ba4
2 changed files with 12 additions and 2 deletions
2
changelogs/fragments/cve_bitbucket_pipeline_variable.yml
Normal file
2
changelogs/fragments/cve_bitbucket_pipeline_variable.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
security_fixes:
|
||||
- 'bitbucket_pipeline_variable - **CVE-2021-20180** - hide user sensitive information which are marked as ``secured`` from logging into the console (https://github.com/ansible-collections/community.general/pull/1635).'
|
|
@ -85,7 +85,7 @@ EXAMPLES = r'''
|
|||
|
||||
RETURN = r''' # '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.basic import AnsibleModule, _load_params
|
||||
from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
|
||||
|
||||
error_messages = {
|
||||
|
@ -211,6 +211,14 @@ def delete_pipeline_variable(module, bitbucket, variable_uuid):
|
|||
))
|
||||
|
||||
|
||||
class BitBucketPipelineVariable(AnsibleModule):
|
||||
def __init__(self, *args, **kwargs):
|
||||
params = _load_params() or {}
|
||||
if params.get('secured'):
|
||||
kwargs['argument_spec']['value'].update({'no_log': True})
|
||||
super(BitBucketPipelineVariable, self).__init__(*args, **kwargs)
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = BitbucketHelper.bitbucket_argument_spec()
|
||||
argument_spec.update(
|
||||
|
@ -221,7 +229,7 @@ def main():
|
|||
secured=dict(type='bool', default=False),
|
||||
state=dict(type='str', choices=['present', 'absent'], required=True),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
module = BitBucketPipelineVariable(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue