fix(secrets): fix an issue with secret server listening on IPv6 #134

Merged
merged 12 commits into from
Jul 7, 2024

@masontikhonov masontikhonov commented Jul 3, 2024

What

This fixes possible issues with any discrepancy between the address at which Logger is listening for mask requests and the address that is used to call this server.

./lib/addNewMask.js script does not rely on env variables nor default values anymore. Instead, it reads server address from the FS where it should have been written by the server. If server address is missing, the script throws.

The default server host changed from localhost to 0.0.0.0.

Fixed secrets-to-be-masked leak in the cf-container-logger server logs.

Added a safeguard for arbitrary process exit with zero code before masking variables, which will lead to the leakage of unmasked secrets in the build logs.

Why

Notes

Labels

Assign the following labels to the PR:

security - to trigger image scanning in CI build

PR Comments

Add the following comments to the PR:

/e2e - to trigger E2E build
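
The address handoff described in the PR description above, sketched as an added example (not code from this PR or from cf-container-logger): the server publishes the address it actually bound, and the client reads that file and throws when it is missing. The file name and all function names are hypothetical.

```javascript
// Added illustration: file name and function names are hypothetical.
const fs = require('node:fs');
const net = require('node:net');
const os = require('node:os');
const path = require('node:path');

// Turn the { address, port } object returned by server.address() into a URL.
// IPv6 literals must be bracketed: "http://::1:8080" is not a valid URL.
function toServerUrl({ address, port }) {
  const host = net.isIPv6(address) ? `[${address}]` : address;
  return `http://${host}:${port}`;
}

// Server side: publish the address actually bound. Write-then-rename keeps
// a concurrent reader from seeing a half-written file.
function publishServerAddress(file, addressInfo) {
  const tmp = `${file}.${process.pid}.tmp`;
  fs.writeFileSync(tmp, toServerUrl(addressInfo), { mode: 0o600 });
  fs.renameSync(tmp, file);
}

// Client side: no env variable, no default. Missing or malformed file throws.
function readServerAddress(file) {
  let raw;
  try {
    raw = fs.readFileSync(file, 'utf8').trim();
  } catch (err) {
    throw new Error(`cannot read server address from ${file}: ${err.code}`);
  }
  const url = new URL(raw); // throws TypeError on empty or malformed content
  if (url.protocol !== 'http:') throw new Error(`unexpected scheme in ${file}`);
  return url;
}

// Constructed sample run in a temporary directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'mask-addr-'));
  const file = path.join(dir, 'server-address');
  const out = {};
  try { readServerAddress(file); } catch (err) { out.missing = err.message; }
  publishServerAddress(file, { address: '::1', port: 8080 });
  out.v6 = readServerAddress(file).origin;
  publishServerAddress(file, { address: '127.0.0.1', port: 8080 });
  out.v4 = readServerAddress(file).origin;
  fs.rmSync(dir, { recursive: true, force: true });
  return out;
}
console.log(demo());
```

Failing closed on a missing file matters here because a client that silently falls back to a default address can miss the server and leave a secret unmasked.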

@masontikhonov masontikhonov self-assigned this Jul 3, 2024
@masontikhonov
Contributor Author

/e2e

@masontikhonov masontikhonov force-pushed the CR-24332-secret-store-regression branch from 2e6feca to 9fbeeee Compare July 3, 2024 18:09
@masontikhonov masontikhonov force-pushed the CR-24332-secret-store-regression branch from 58f59cc to cb4b05b Compare July 3, 2024 19:00
@masontikhonov
Contributor Author

/e2e

@masontikhonov masontikhonov force-pushed the CR-24332-secret-store-regression branch from 693a884 to b2d1d07 Compare July 4, 2024 16:07
@masontikhonov masontikhonov marked this pull request as ready for review July 4, 2024 16:43
@masontikhonov
Contributor Author

/e2e

@masontikhonov masontikhonov merged commit 86a6645 into master Jul 7, 2024
4 checks passed
@masontikhonov masontikhonov deleted the CR-24332-secret-store-regression branch July 7, 2024 07:56