Reduce logs in EnvironmentAndSystemPropertyClientProviderStrate… #1913

Merged
merged 1 commit into from
Sep 26, 2019


rnorth
Member

@rnorth rnorth commented Sep 25, 2019

Remove logs in EnvironmentAndSystemPropertyClientProviderStrategy which risk leaking credentials on console output

Fixes #1912

Before this change, docker registry credentials could be logged:

  • if credentials were hardcoded in ~/.docker/config.json and
  • if Testcontainers detected environment variables/system properties (such as DOCKER_HOST) which set/override the address of the docker daemon.

We recommend that you check recent CI logs for any accidentally logged credentials, and apologise for the inconvenience. Please see below for an example of the log message, which occurs during initial connection to the Docker daemon.

INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment 
variables, system properties and defaults. Resolved: 
    dockerHost=unix:///var/run/docker.sock
    apiVersion='{UNKNOWN_VERSION}'
    registryUrl='https://index.docker.io/v1/'
    registryUsername='...'
    registryPassword='...'
    registryEmail='...'
    dockerConfig='DefaultDockerClientConfig[dockerHost=
unix:///var/run/docker.sock,registryUsername=...,registryPassword=<...>,
registryEmail=<...>,registryUrl=https://index.docker.io/v1/,
dockerConfigPath=/home/user/.docker,sslConfig=<null>,
apiVersion={UNKNOWN_VERSION},dockerConfig=<null>]'

has been changed to:

INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment 
variables, system properties and defaults. Resolved dockerHost=unix:///var/run/docker.sock

@rnorth rnorth added the security Pull requests that address a security vulnerability label Sep 25, 2019
@rnorth rnorth self-assigned this Sep 25, 2019
…ch risk leaking credentials on console output

Fixes #1912
@rnorth rnorth force-pushed the santise-docker-client-provider-logs branch from 29cae0d to 94f73f8 Compare September 25, 2019 15:09
@rnorth rnorth changed the title Reduce logs in EnvironmentAndSystemPropertyClientProviderStrategy Reduce logs in EnvironmentAndSystemPropertyClientProviderStrate… Sep 26, 2019
@rnorth rnorth merged commit d3ba842 into master Sep 26, 2019
@rnorth rnorth deleted the santise-docker-client-provider-logs branch September 26, 2019 07:06
@rnorth rnorth added this to the 1.12.2 milestone Sep 26, 2019
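The description above recommends checking recent CI logs for accidentally logged credentials. One way to run that check, as an added example that is not part of this pull request or of Testcontainers: the function name, the set of "empty" renderings and every value in the sample log are assumptions constructed here, and only the field names and message layout come from the log quoted in the description.

```python
import re
import sys

# Field names as they appear in the log message quoted in the PR description.
FIELDS = ("registryUsername", "registryPassword", "registryEmail")

# Matches both layouts from that message: key='value' on its own line and,
# inside the DefaultDockerClientConfig[...] dump, key=value ended by ',' or ']'.
FIELD_RE = re.compile(r"\b(" + "|".join(FIELDS) + r")=(?:'([^']*)'|([^,\]\s]*))")

# Assumption: these renderings mean "no value was set" and are not a leak.
EMPTY_VALUES = {"", "null", "<null>"}

# Constructed sample: one pre-fix message with made-up values, followed by
# the reduced message that the PR description shows after the change.
SAMPLE_LOG = """\
INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment variables, system properties and defaults. Resolved:
    dockerHost=unix:///var/run/docker.sock
    registryUrl='https://index.docker.io/v1/'
    registryUsername='ci-bot'
    registryPassword='EXAMPLE-not-a-real-secret'
    registryEmail='null'
    dockerConfig='DefaultDockerClientConfig[dockerHost=unix:///var/run/docker.sock,registryUsername=ci-bot,registryPassword=EXAMPLE-not-a-real-secret,registryEmail=<null>,registryUrl=https://index.docker.io/v1/]'
INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment variables, system properties and defaults. Resolved dockerHost=unix:///var/run/docker.sock
"""


def find_leaked_registry_credentials(log_text):
    """Return sorted (line_number, field) pairs where a non-empty value was logged.

    The value itself is never returned or printed, so the report can be
    shared without spreading the secret further.
    """
    findings = set()
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in FIELD_RE.finditer(line):
            quoted, bare = match.group(2), match.group(3)
            value = quoted if quoted is not None else bare
            if value not in EMPTY_VALUES:
                findings.add((lineno, match.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_ci_logs.py build-1.log build-2.log ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            for lineno, field in find_leaked_registry_credentials(handle.read()):
                print(f"{path}:{lineno}: {field} has a logged value")
```

Any hit on `registryPassword` means the registry credential should be treated as exposed to everyone who can read that log and rotated.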
Development

Successfully merging this pull request may close these issues.

Dockerhub credentials logged on startup