Skip to content

use a pattern to identify sensitive config keys #16555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MorrisJobke merged 1 commit into from
Jul 26, 2019
Merged

use a pattern to identify sensitive config keys #16555

MorrisJobke merged 1 commit into from
Jul 26, 2019

Conversation

@blizzz
Copy link
Member

@blizzz blizzz commented Jul 26, 2019
edited
Loading

regex for the win :)

fixes #16529 (see also for repro steps)

@blizzz blizzz added this to the Nextcloud 17 milestone Jul 26, 2019
MorrisJobke
MorrisJobke approved these changes Jul 26, 2019
View reviewed changes
Copy link
Member

@MorrisJobke MorrisJobke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code makes sense 👍

rullzer
rullzer approved these changes Jul 26, 2019
View reviewed changes
Copy link
Member

@rullzer rullzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense and even tests :)

@rullzer rullzer added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Jul 26, 2019
@MorrisJobke MorrisJobke merged commit 2e803dc into master Jul 26, 2019
@delete-merged-branch delete-merged-branch bot deleted the fix/16529/mask-keys branch July 26, 2019 13:16
@MorrisJobke
Copy link
Member

MorrisJobke commented Jul 26, 2019

@blizzz Backport to 16? I would say so.

@MorrisJobke
Copy link
Member

MorrisJobke commented Jul 26, 2019

/backport to stable16

@MorrisJobke
Copy link
Member

MorrisJobke commented Jul 26, 2019

Just noticed the backport label. 🙈

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Jul 26, 2019
Merged
@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented Jul 26, 2019

backport to stable16 in #16562

@blizzz
Copy link
Member Author

blizzz commented Jul 26, 2019

i'd also say nc 15 to prevent accidential leaking

@blizzz
Copy link
Member Author

blizzz commented Jul 26, 2019

/backport to stable15

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Jul 26, 2019
Merged
@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented Jul 26, 2019

backport to stable15 in #16565

@CyrilBrulebois
Copy link

CyrilBrulebois commented Jul 26, 2019

Thanks for the quick fix for #16529; the regex strikes me as suboptimal as it would not catch the (possibly unlikely) cases where one reaches s100 and above…

/^(s\d\d+)?ldap_agent_password$/'

would ensure detecting two or more digits after the initial s. (\d\d+ can also be written as \d{2,}, but that's maybe less readable for newcomers.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rullzer rullzer rullzer approved these changes

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@michaelletzgus michaelletzgus Awaiting requested review from michaelletzgus

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees

No one assigned

Labels

4. to release Ready to be released and/or waiting for tests to finish bug

Projects

None yet

Milestone

Nextcloud 17

Development

Successfully merging this pull request may close these issues.

user_ldap's ldap_agent_password not effectively tagged as sensitive data

5 participants

@blizzz @MorrisJobke @CyrilBrulebois @rullzer