akondrahman / IaCTesting

Placeholder for the research study related to IaC testing anti-patterns
3 stars 256 forks

Exposing Sensitive Credential:: Chef Repos #6

Closed Talismanic closed 4 years ago

Talismanic commented 4 years ago

In some scenarios we are seeing that Chef code is exposing credentials in the test scripts. For example: MySQL testing, MySQL connection testing.

However, Chef has some guidelines on how to handle secrets.

Should we consider Mishandled Credentials as anti-patterns in our list?

akondrahman commented 4 years ago

Yes. Maybe we can call it data leakage?

Talismanic commented 4 years ago

Yes, of course. Maybe Sensitive Data Leakage.

akondrahman commented 4 years ago

Sounds good. Is this the only one for Chef?

Talismanic commented 4 years ago

After a couple of revisions, I could not find this type of issue in the Ansible samples. Maybe that's because in our Ansible repos we do not have playbooks which test a DB connection or DB installation sanity.

akondrahman commented 4 years ago

OK. No problem. If we have six categories then we will report six categories for Ansible in the paper.

Talismanic commented 4 years ago

Closing this issue as we did not find this anti-pattern in any Ansible test scripts.