aboutsummaryrefslogtreecommitdiffstats
path: root/__run__.py
diff options
context:
space:
mode:
authorJake Hunsaker <jhunsake@redhat.com>2018-11-28 10:43:40 -0500
committerBryn M. Reeves <bmr@redhat.com>2019-03-12 15:32:39 +0000
commitbcc939b71842175010e60d0d063043e9f780c702 (patch)
tree6edde4cd061f1268719650beaaf0232a5bd56650 /__run__.py
parent749165e09da65d073ace7136dc29cfa28931b751 (diff)
downloadsos-bcc939b71842175010e60d0d063043e9f780c702.tar.gz
[podman|docker] Add postprocessing for container inspect output
Adds a postproc for the podman and docker plugins to attempt to obfuscate sensitive keys in 'inspect' output for those runtimes. Previously, these keys were being captured in plaintext which could lead to passwords or similar being leaked when sysadmins configure containers with environment variables (or similar) that contain this data. Specifically, we match against 'key=value' pairs as that is how the container runtimes accept and print these pairs, like so: "Env": [ "mypassword=supersecret", "container=oci" ], By comparison, the inspect outputs now read like the following when a potentially sensitive key is found: "Env": [ "mypassword=********", "container=oci" ], Resolves: #1487 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Diffstat (limited to '__run__.py')
0 files changed, 0 insertions, 0 deletions