Bug 1238391 - Lifecycle/customize root password logged in clear text.
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Automate (Show other bugs)
Version: 5.4.0
Hardware: All
OS: All
Priority: high
Severity: medium
Target Milestone: GA
Target Release: 5.5.0
Assigned To: Keenan Brock
QA Contact: Kyrylo Zvyagintsev
Docs Contact:
Depends On:
Blocks:
Reported: 2015-07-01 14:35 EDT by Josh Carter
Modified: 2015-12-08 08:21 EST (History)
CC: 7 users

See Also:
Fixed In Version: 5.5.0.1
Doc Type: Bug Fix
Doc Text:
In the previous version of CloudForms Management Engine, providing a root password in the Customize tab while provisioning a virtual machine resulted in the password being logged in clear text to the evm log. This was because the method used to dump object data did not define the filters for sensitive data. This bug was fixed by adding the filter options to the object dump method. The root password is no longer logged while provisioning a virtual machine in the new version of CloudForms Management Engine.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-08 08:21:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2551 normal SHIPPED_LIVE Moderate: CFME 5.5.0 bug fixes and enhancement update 2015-12-08 12:58:09 EST

Description Josh Carter 2015-07-01 14:35:03 EDT
Description of problem:

Providing a root password in the customize tab is logged in clear text. 

[----] I, [2015-06-30T16:38:04.334311 #3605:b93ea8]  INFO -- : Q-task_id([miq_provision_12000000000018]) MIQ(MiqProvisionRedhat#log_clone_options) Prov Options:  [:dns_servers](String) = "8.8.8.83"
[----] I, [2015-06-30T16:38:04.334370 #3605:b93ea8]  INFO -- : Q-task_id([miq_provision_12000000000018]) MIQ(MiqProvisionRedhat#log_clone_options) Prov Options:  [:dns_suffixes](NilClass) = nil
[----] I, [2015-06-30T16:38:04.334429 #3605:b93ea8]  INFO -- : Q-task_id([miq_provision_12000000000018]) MIQ(MiqProvisionRedhat#log_clone_options) Prov Options:  [:root_password](String) = "smartvm"
[----] I, [2015-06-30T16:38:04.334499 #3605:b93ea8]  INFO -- : Q-task_id([miq_provision_12000000000018]) MIQ(MiqProvisionRedhat#log_clone_options) Prov Options:  [:addr_mode][0](String) = "dhcp"
[----] I, [2015-06-30T16:38:04.334561 #3605:b93ea8]  INFO -- : Q-task_id([miq_provision_12000000000018]) MIQ(MiqProvisionRedhat#log_clone_options) Prov Options:  [:addr_mode][1](String) = "DHCP"

Version-Release number of selected component (if applicable): 5.4.0.5


How reproducible:
very

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Greg McCullough 2015-07-06 11:39:28 EDT
The dumpObj method allows for an options hash which can define "protected" filters. This needs to be implemented in the calls where we are dumping the provision options. See /vmdb/app/models/miq_provision_vmware/cloning.rb and vmdb/app/models/miq_provision_task_configured_system_foreman/options_helper.rb for examples.

The workflow has a class method that defines the protected fields for a task (self.encrypted_options_fields) which we might want to use to ensure new fields are hidden if they are added.  The workflow could be loaded from the task using the MiqProvisionWorkflow.class_for_source(source) method.
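The redaction approach described in this comment, as an added example that is not ManageIQ's own dumpObj code: a recursive option dumper that reproduces the "Prov Options:  [:key](Class) = value" log shape from the report, but masks every key listed in a protected set before the value reaches the log. PROTECTED_FIELDS stands in for the workflow's encrypted_options_fields; the names dump_options and format_dump and the sample options are constructed for this example.

```ruby
# Added example, not ManageIQ code. PROTECTED_FIELDS is a constructed stand-in
# for the per-workflow encrypted_options_fields list mentioned in the bug.
PROTECTED_FIELDS = %i[root_password sysprep_password vm_password].freeze

MASK = "********".freeze

# Flattens a nested Hash/Array into [path, class_name, inspected_value] rows.
# `protected` lists the keys to redact; `redact` carries that decision down
# into nested values so the children of a protected key are masked as well.
def dump_options(obj, protected: PROTECTED_FIELDS, path: "", redact: false, rows: [])
  case obj
  when Hash
    obj.each do |key, value|
      child_redact = redact || protected.include?(key)
      dump_options(value, protected: protected, path: "#{path}[#{key.inspect}]",
                   redact: child_redact, rows: rows)
    end
  when Array
    obj.each_with_index do |value, idx|
      dump_options(value, protected: protected, path: "#{path}[#{idx}]",
                   redact: redact, rows: rows)
    end
  else
    # Mask the value itself; the key and its class are still useful for debugging.
    shown = redact ? MASK : obj
    rows << [path, obj.class.name, shown.inspect]
  end
  rows
end

# Renders the rows in the same format as the log_clone_options lines in the report.
def format_dump(options, **kw)
  dump_options(options, **kw).map do |path, klass, value|
    "Prov Options:  #{path}(#{klass}) = #{value}"
  end
end

# Constructed sample, shaped like the options in the reported log lines.
SAMPLE_OPTIONS = {
  :dns_servers   => "8.8.8.8",
  :dns_suffixes  => nil,
  :root_password => "smartvm",
  :addr_mode     => ["dhcp", "DHCP"],
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts format_dump(SAMPLE_OPTIONS)
end
```

Passing the filter list in from the workflow rather than hard-coding it in each cloning.rb is what keeps a newly added encrypted field out of the log without a second code change; the check here is that the rendered output never contains the plaintext password while the surrounding non-sensitive options are logged unchanged.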
Comment 3 CFME Bot 2015-07-07 14:18:42 EDT
New commit detected on manageiq/master:
https://github.com/ManageIQ/manageiq/commit/58e3ffcaef48b7e662a6341f49378c7399f3f4b0

commit 58e3ffcaef48b7e662a6341f49378c7399f3f4b0
Author:     Keenan Brock <kbrock@redhat.com>
AuthorDate: Mon Jul 6 16:02:59 2015 -0400
Commit:     Keenan Brock <kbrock@redhat.com>
CommitDate: Tue Jul 7 10:53:25 2015 -0400

    Don't log provisioning passwords from options
    
    leverage workflow's encryption_option_fields to filter
    options sent to dumpObject
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1238391

 app/models/miq_provision_amazon/cloning.rb    |  2 +-
 app/models/miq_provision_microsoft/cloning.rb |  2 +-
 app/models/miq_provision_openstack/cloning.rb |  2 +-
 app/models/miq_provision_redhat/cloning.rb    |  2 +-
 app/models/miq_provision_vmware/cloning.rb    |  2 +-
 app/models/miq_request_workflow.rb            |  4 ++++
 app/models/mixins/miq_provision_mixin.rb      |  6 +++++-
 spec/models/miq_provision_redhat_spec.rb      | 16 ++++++++++++++++
 8 files changed, 30 insertions(+), 6 deletions(-)
Comment 6 errata-xmlrpc 2015-12-08 08:21:02 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551
