Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[credentialprovider] avoid potential secret leaking while reading .dockercfg #94712

Merged
merged 1 commit into from
Sep 14, 2020
Merged

[credentialprovider] avoid potential secret leaking while reading .dockercfg #94712

merged 1 commit into from
Sep 14, 2020

Conversation

droslean
Copy link
Member

There are a lot of scenarios where an invalid .dockercfg file
will still contain secrets. This commit removes the logging of the
contents to avoid any potential leaking and manages the actual error
by printing to the user the actual location of the invalid file.

/kind design

Signed-off-by: Nikolaos Moraitis nmoraiti@redhat.com

@k8s-ci-robot k8s-ci-robot added kind/design Categorizes issue or PR as related to design. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Sep 11, 2020
@droslean
Copy link
Member Author

/release-note-none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Sep 11, 2020
soltysh
soltysh approved these changes Sep 11, 2020
View reviewed changes
Copy link
Contributor

@soltysh soltysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 11, 2020
@soltysh
Copy link
Contributor

soltysh commented Sep 11, 2020

/milestone v1.20

@k8s-ci-robot k8s-ci-robot added this to the v1.20 milestone Sep 11, 2020
deads2k
deads2k reviewed Sep 11, 2020
View reviewed changes
pkg/credentialprovider/config.go Outdated
@@ -230,17 +233,15 @@ func ReadDockerConfigFileFromURL(url string, client *http.Client, header *http.H

func readDockerConfigFileFromBytes(contents []byte) (cfg DockerConfig, err error) {
if err = json.Unmarshal(contents, &cfg); err != nil {
klog.Errorf("while trying to parse blob %q: %v", contents, err)
return nil, err
return nil, fmt.Errorf("while trying to parse blob: %v", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add a test to make sure this does what you want.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed

@deads2k
Copy link
Contributor

deads2k commented Sep 11, 2020

I think a test is in order. it's not obvious that an unmarshaller does what you want here.

/lgtm cancel

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 11, 2020
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 11, 2020
@droslean droslean force-pushed the cred-leak branch 3 times, most recently from fd880d7 to cec73ff Compare September 11, 2020 13:29
@droslean droslean requested a review from deads2k September 11, 2020 15:33
@dims
Copy link
Member

dims commented Sep 11, 2020

/approve
/lgtm
/assign @liggitt

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 11, 2020
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 13, 2020
@droslean
avoid potential secret leaking while reading .dockercfg
b907f9e 
There are a lot of scenarios where an invalid .dockercfg file
will still contain secrets. This commit removes logging of the
contents to avoid any potential leaking and manages the actual error
by printing to the user the actual location of the invalid file.

Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
@liggitt
Copy link
Member

liggitt commented Sep 14, 2020

/lgtm
/approve
/milestone v1.20
/sig node auth
/priority important-soon

@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. sig/auth Categorizes an issue or PR as relevant to SIG Auth. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 14, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, droslean, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 14, 2020
@droslean
Copy link
Member Author

/test pull-kubernetes-bazel-test

@liggitt
Copy link
Member

liggitt commented Sep 14, 2020

#94547 flake

@k8s-ci-robot k8s-ci-robot merged commit 1179343 into kubernetes:master Sep 14, 2020
@droslean droslean deleted the cred-leak branch September 14, 2020 17:21
This was referenced Oct 7, 2020
Merged
Merged
Merged
@sfowl
Copy link
Contributor

sfowl commented Oct 7, 2020

I opened cherry-picks given the potential sec impact.

k8s-ci-robot added a commit that referenced this pull request Oct 8, 2020
@k8s-ci-robot
Merge pull request #95346 from sfowl/automated-cherry-pick-of-#94712-…
c64d160 
…upstream-release-1.19

Automated cherry pick of #94712: avoid potential secret leaking while reading .dockercfg
k8s-ci-robot added a commit that referenced this pull request Oct 8, 2020
@k8s-ci-robot
Merge pull request #95348 from sfowl/automated-cherry-pick-of-#94712-…
4746a58 
…upstream-release-1.17

Automated cherry pick of #94712: avoid potential secret leaking while reading .dockercfg
k8s-ci-robot added a commit that referenced this pull request Oct 8, 2020
@k8s-ci-robot
Merge pull request #95347 from sfowl/automated-cherry-pick-of-#94712-…
19e5d1a 
…upstream-release-1.18

Automated cherry pick of #94712: avoid potential secret leaking while reading .dockercfg
@sfowl sfowl mentioned this pull request Oct 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@soltysh soltysh soltysh approved these changes

@therc therc Awaiting requested review from therc

@yujuhong yujuhong Awaiting requested review from yujuhong

@deads2k deads2k Awaiting requested review from deads2k

Assignees

@dims dims

@soltysh soltysh

@liggitt liggitt

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/design Categorizes issue or PR as related to design. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/node Categorizes an issue or PR as relevant to SIG Node. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.20
Development

Successfully merging this pull request may close these issues.
7 participants
@droslean @soltysh @deads2k @dims @liggitt @k8s-ci-robot @sfowl