Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document Resource options that potentially leak secrets #2727

Merged
merged 2 commits into from
Mar 28, 2022
Merged

Document Resource options that potentially leak secrets #2727

merged 2 commits into from
Mar 28, 2022

Conversation

MrAlias
Copy link
Contributor

@MrAlias MrAlias commented Mar 25, 2022

The WithProcess and WithProcessCommandArgs options contain command line arguments as resource attributes. These could potentially expose user secrets. Document this fact so users better understand the implications of using these options.

Fix #2723

@MrAlias
Document Resource options that potentially leak secrets
e3aba7d 
The WithProcess and WithProcessCommandArgs options contain command line
arguments as resource attributes. These could potentially expose user
secrets. Document this fact so users better understand the implications
of using these options.
@MrAlias MrAlias added documentation Provides helpful information Skip Changelog PRs that do not require a CHANGELOG.md entry labels Mar 25, 2022
@MrAlias MrAlias added this to the Release v1.7.0 milestone Mar 25, 2022
@codecov
Copy link

codecov bot commented Mar 25, 2022
edited
Loading

Codecov Report

Merging #2727 (1eded63) into main (7a1ebf7) will increase coverage by 0.0%.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff          @@
##            main   #2727   +/-   ##
=====================================
  Coverage   76.7%   76.7%           
=====================================
  Files        181     181           
  Lines      12175   12175           
=====================================
+ Hits        9345    9347    +2     
+ Misses      2605    2603    -2     
  Partials     225     225
Impacted Files Coverage Δ
sdk/resource/config.go 100.0% <ø> (ø)
exporters/jaeger/jaeger.go 90.3% <0.0%> (-0.9%) ⬇️
sdk/trace/batch_span_processor.go 82.1% <0.0%> (+1.8%) ⬆️

@MrAlias MrAlias mentioned this pull request Mar 25, 2022
Merged
hickeyma
hickeyma approved these changes Mar 28, 2022
View reviewed changes
Copy link
Contributor

@hickeyma hickeyma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @MrAlias

@MrAlias MrAlias merged commit 0a7cf5a into open-telemetry:main Mar 28, 2022
@MrAlias MrAlias deleted the doc-process-resource-secret-leak branch March 28, 2022 14:35
@hickeyma hickeyma mentioned this pull request Apr 8, 2022
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hickeyma hickeyma hickeyma approved these changes

@XSAM XSAM XSAM approved these changes

@pellared pellared pellared approved these changes

@plantfansam plantfansam plantfansam approved these changes

@jmacd jmacd Awaiting requested review from jmacd

@Aneurysm9 Aneurysm9 Awaiting requested review from Aneurysm9

@evantorrie evantorrie Awaiting requested review from evantorrie

@dashpole dashpole Awaiting requested review from dashpole dashpole is a code owner

@paivagustavo paivagustavo Awaiting requested review from paivagustavo

@MadVikingGod MadVikingGod Awaiting requested review from MadVikingGod

@hanyuancheung hanyuancheung Awaiting requested review from hanyuancheung

Assignees
No one assigned
Labels
documentation Provides helpful information Skip Changelog PRs that do not require a CHANGELOG.md entry
Projects
None yet
Milestone
Release v1.6.1
Development

Successfully merging this pull request may close these issues.

Process detectors have potential to leak secrets
5 participants
@MrAlias @plantfansam @pellared @XSAM @hickeyma