Multipart user data content still ends up in the logs

cloudbase / cloudbase-init

Cross-platform instance initialization

http://openstack.org

Apache License 2.0

414 stars 150 forks source link

Multipart user data content still ends up in the logs #87

Open Crono1981 opened 2 years ago

Crono1981 commented 2 years ago

I came across this commit:

https://github.com/cloudbase/cloudbase-init/commit/ae060c5a89f01d9e106653979480fc057c79bebd

It removed user data content from logs, as it may (rightfully) contain sensitive information.

However, it looks like this change had no effect for multipart user data content, as it still makes it to the log along with any sensitive data it may hold.

I think this should be looked into.

Crono1981 commented 2 years ago

Here's the line I believe to be in cause:

https://github.com/cloudbase/cloudbase-init/blob/39e2f6faf4f8062394bc61ccd0a833e7c8b76917/cloudbaseinit/plugins/common/userdata.py#L84