Project

General

Profile

action #111010

type_password does not hide the string in autoinst-log.txt

Added by jlausuch about 2 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
2022-05-12
Due date:
% Done:

0%

Estimated time:
Difficulty:
Tags:

Description

I am doing some tests using type_password command to put some sensitive information into a file in a running system.
According to the documentation [1]: A convenience wrapper around type_string, which doesn’t log the string.

However, if I do:
type_password("echo 'yada yada' > /root/influxdb_conf\n");

This info is shown in autoinst-log.txt:

[2022-05-12T13:05:09.897059+02:00] [debug] tests/jeos/image_info.pm:130 called testapi::type_password
[2022-05-12T13:05:09.897329+02:00] [debug] <<< testapi::type_string(string="echo 'yada yada' > /root/influxdb_conf\n", max_interval=100, wait_screen_changes=0, wait_still_screen=0, timeout=30, similarity_level=47)

This is using root-console. If I use serial_terminal, I get it in the serial_terminal.txt log:

...
SCRIPT_FINISHEDGItcm-0-
# echo 'yada yada' > /root/influxdb_conf

Also, openQA tests are showing this

2 months ago (before https://github.com/os-autoinst/os-autoinst/pull/2002)
https://openqa.suse.de/tests/8405529/logfile?filename=autoinst-log.txt

[2022-03-26T12:33:40.095557+01:00] [debug] tests/jeos/firstrun.pm:116 called testapi::type_password
[2022-03-26T12:33:40.095850+01:00] [debug] <<< testapi::type_string(string="SECRET STRING", max_interval=100, wait_screen_changes=0, wait_still_screen=0, timeout=30, similarity_level=47)

Now:
https://openqa.suse.de/tests/8738443/logfile?filename=autoinst-log.txt

[2022-05-12T06:09:58.666172+02:00] [debug] tests/jeos/firstrun.pm:116 called testapi::type_password
[2022-05-12T06:09:58.666561+02:00] [debug] <<< testapi::type_string(string="nots3cr3t", max_interval=100, wait_screen_changes=0, wait_still_screen=0, timeout=30, similarity_level=47)

[1] http://open.qa/api/testapi/#_type_password

History

#1 Updated by jlausuch about 2 months ago

  • Subject changed from type_password does not hide the command in autoinst-log.txt to type_password does not hide the string in autoinst-log.txt

#2 Updated by jlausuch about 2 months ago

  • Status changed from New to In Progress
  • Assignee set to jlausuch

#3 Updated by jlausuch about 2 months ago

  • Description updated (diff)

#5 Updated by maritawerner about 2 months ago

  • Tags set to qac

#6 Updated by jlausuch about 1 month ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF