Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Process: add sensitive option to prevent verbose reporting of the command #256

Merged
merged 1 commit into from
Nov 24, 2017

Conversation

stdweird
Copy link
Member

@stdweird stdweird commented Nov 9, 2017

Fixes #254

@stdweird stdweird added this to the 17.12 milestone Nov 9, 2017

A boolean specifying whether the command (and args) contain sensitive information
(like passwords). If C<sensitive> is true, the commandline will not be reported
(by default the commanlione is reported in with verbose).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

commanlione => command line. Also "by default" do you mean only if the log option is not undef? Or do you really mean "in all cases unless you set this" ?

(like passwords). If C<sensitive> is true, the commandline will not be reported
(by default the commanlione is reported in with verbose).

This does not cover command output. If th eoutput (stdout or stderr) contains
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the output

(by default the commanlione is reported in with verbose).

This does not cover command output. If th eoutput (stdout or stderr) contains
sensitve information, make sure to handle it yourself via C<stdout> and/or C<stderr>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should reference the log option here? (i.e. recommend setting it to undef?) Generally I am a bit confused as to how this interacts with the log option so it would be good to see that clarified.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i'm not sure how to formulate it. the code here does not report the output, but eg execute sends it to the real stdout (and that's also why it's not part of the logs, see #245).

@stdweird
Copy link
Member Author

stdweird commented Nov 9, 2017

@ned21 i made some changes to address your remarks, but also changed that the sensitive option only applies ot the arguments. the binary itself can be reported by some other methods also (and i'm not sure the binary itself is ever sensitive)


A boolean specifying whether the arguments contain sensitive information
(like passwords). If C<sensitive> is true, the commandline will not be reported
(by default and when C<log> option is used, the commandline is reported
Copy link
Contributor

@ned21 ned21 Nov 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry to nitpick but I think by default when the C<log> option is used is clearer.

@ned21
Copy link
Contributor

ned21 commented Nov 9, 2017

Thanks for the changes. All good except one minor nitpick about removing what I believe to be an extraneous "and". Then you can squash.

@stdweird
Copy link
Member Author

@ned21 should be fine now

@jrha
Copy link
Member

jrha commented Nov 24, 2017

@ned21 are you happy with this now?

@ned21 ned21 merged commit e33f6e5 into quattor:master Nov 24, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants