
Reduce logs in EnvironmentAndSystemPropertyClientProviderStrate…#1913

Merged
rnorth merged 1 commit into master from santise-docker-client-provider-logs on Sep 26, 2019

@rnorth rnorth commented Sep 25, 2019

Member

Remove logs in EnvironmentAndSystemPropertyClientProviderStrategy which risk leaking credentials on console output

Fixes #1912

Before this change, docker registry credentials could be logged:

  • if credentials were hardcoded in ~/.docker/config.json and
  • if Testcontainers detected environment variables/system properties (such as DOCKER_HOST) which set/override the address of the docker daemon.

We recommend that you check recent CI logs for any accidentally logged credentials, and apologise for the inconvenience. Please see below for an example of the log message, which occurs during initial connection to the Docker daemon.

INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment 
variables, system properties and defaults. Resolved: 
    dockerHost=unix:///var/run/docker.sock
    apiVersion='{UNKNOWN_VERSION}'
    registryUrl='https://index.docker.io/v1/'
    registryUsername='...'
    registryPassword='...'
    registryEmail='...'
    dockerConfig='DefaultDockerClientConfig[dockerHost=
unix:///var/run/docker.sock,registryUsername=...,registryPassword=<...>,
registryEmail=<...>,registryUrl=https://index.docker.io/v1/,
dockerConfigPath=/home/user/.docker,sslConfig=<null>,
apiVersion={UNKNOWN_VERSION},dockerConfig=<null>]'

has been changed to:

INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment 
variables, system properties and defaults. Resolved dockerHost=unix:///var/run/docker.sock

@rnorth rnorth added the security label (Pull requests that address a security vulnerability) Sep 25, 2019
@rnorth rnorth requested review from bsideup and kiview September 25, 2019 15:08
@rnorth rnorth self-assigned this Sep 25, 2019
…ch risk leaking credentials on console output

Fixes #1912
@rnorth rnorth force-pushed the santise-docker-client-provider-logs branch from 29cae0d to 94f73f8 Compare September 25, 2019 15:09
@rnorth rnorth changed the title from "Reduce logs in EnvironmentAndSystemPropertyClientProviderStrategy" to "Reduce logs in EnvironmentAndSystemPropertyClientProviderStrate…" Sep 26, 2019
@rnorth rnorth merged commit d3ba842 into master Sep 26, 2019
@rnorth rnorth deleted the santise-docker-client-provider-logs branch September 26, 2019 07:06
@rnorth rnorth added this to the 1.12.2 milestone Sep 26, 2019
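
For the CI log check recommended in the description above, a scanner along these lines flags builds where the old message carried registry credentials, reporting only the line number and field name so the secret is not copied again. This is an added example, not code from the pull request or from Testcontainers; the `find_leaks` name, the sample log, the 12-line window and the values treated as empty are assumptions.

```python
import re

# Start of the Testcontainers startup message shown in the PR description.
MARKER = "Found Docker environment with"
# Fields of that message which can carry registry credentials.
SENSITIVE = ("registryUsername", "registryPassword", "registryEmail")
# Matches key='value' (top-level fields) and key=<value> / key=value (inside dockerConfig=...).
FIELD = re.compile(r"\b(%s)=(?:'([^']*)'|<([^>]*)>|([^,\]\s]*))" % "|".join(SENSITIVE))
# Assumption: a line containing a log level starts the next log record.
NEW_RECORD = re.compile(r"\b(?:TRACE|DEBUG|INFO|WARN|ERROR)\b")
# Assumption: renderings that mean no value was logged.
EMPTY = {"", "null"}

def find_leaks(log_text, window=12):
    """Return (line_number, field) for each credential field logged with a value."""
    lines = log_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if MARKER not in line:
            continue
        # The message spans several (possibly wrapped) lines, so scan a bounded window.
        for j in range(i, min(i + window + 1, len(lines))):
            if j > i and NEW_RECORD.search(lines[j]):
                break
            for m in FIELD.finditer(lines[j]):
                value = next(g for g in m.groups()[1:] if g is not None)
                if value.strip() not in EMPTY:
                    findings.append((j + 1, m.group(1)))  # never record the value itself
    return findings

# Constructed sample: the pre-fix message with placeholder values, then the post-fix message.
SAMPLE = """\
INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment variables, system properties and defaults. Resolved:
    dockerHost=unix:///var/run/docker.sock
    apiVersion='{UNKNOWN_VERSION}'
    registryUrl='https://index.docker.io/v1/'
    registryUsername='EXAMPLE_USER'
    registryPassword='EXAMPLE_PASSWORD'
    registryEmail=''
    dockerConfig='DefaultDockerClientConfig[dockerHost=unix:///var/run/docker.sock,registryUsername=EXAMPLE_USER,registryPassword=EXAMPLE_PASSWORD,registryEmail=<null>,registryUrl=https://index.docker.io/v1/]'
INFO  o.t.d.DockerClientProviderStrategy - Found Docker environment with Environment variables, system properties and defaults. Resolved dockerHost=unix:///var/run/docker.sock
"""

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # usage: python scan.py build1.log build2.log
        with open(path, errors="replace") as fh:
            for lineno, field in find_leaks(fh.read()):
                print(f"{path}:{lineno}: {field} logged with a value")
```

Any credential reported by the scan should be treated as exposed and rotated, since CI logs are often readable well beyond the team that owns the build.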


Development

Successfully merging this pull request may close these issues.

Dockerhub credentials logged on startup
