search

kubernetes-sigs / aws-efs-csi-driver

CSI Driver for Amazon EFS https://aws.amazon.com/efs/
Apache License 2.0
729 stars 554 forks source link

Sanitize CSI RPC request logs #1363

Closed mskanth972 closed 6 months ago

mskanth972 commented 6 months ago

Is this a bug fix or adding new feature? Security enhancement

What is this PR about? / Why do we need it? This PR addresses the potential risk of sensitive information being inadvertently logged, despite the EFS CSI Driver not supporting Token Requests. The primary change involves introducing a new utility function called SanitizeRequest. This function accepts a request object and returns a duplicate with the "Secrets" field emptied. It achieves this by creating a new instance of the request object's type, copying all fields from the original request to the new instance, and resetting the "Secrets" field to an empty map, if present.

What testing is done?

mskanth972 commented 6 months ago

/test pull-aws-efs-csi-driver-unit

seanzatzdev-amazon commented 6 months ago

/lgtm

k8s-ci-robot commented 6 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mskanth972, seanzatzdev-amazon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/OWNERS)~~ [mskanth972,seanzatzdev-amazon] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment