CL-Softwares
/
telegraf
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: redacts IPMI password in logs (#9997)

This commit is contained in:
Joshua Powers 2021-10-26 11:03:41 -06:00 committed by GitHub
parent b5ee27212e
commit 38aefd99b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 60 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/inputs/ipmi_sensor/ipmi.go
View File

@ -151,7 +151,7 @@ func (m *Ipmi) parse(acc telegraf.Accumulator, server string) error {
cmd := execCommand(name, dumpOpts...) cmd := execCommand(name, dumpOpts...)
out, err := internal.CombinedOutputTimeout(cmd, time.Duration(m.Timeout)) out, err := internal.CombinedOutputTimeout(cmd, time.Duration(m.Timeout))
if err != nil { if err != nil {
return fmt.Errorf("failed to run command %s: %s - %s", strings.Join(cmd.Args, " "), err, string(out)) return fmt.Errorf("failed to run command %s: %s - %s", strings.Join(sanitizeIPMICmd(cmd.Args), " "), err, string(out))
} }
} }
opts = append(opts, "-S") opts = append(opts, "-S")
@ -170,7 +170,7 @@ func (m *Ipmi) parse(acc telegraf.Accumulator, server string) error {
out, err := internal.CombinedOutputTimeout(cmd, time.Duration(m.Timeout)) out, err := internal.CombinedOutputTimeout(cmd, time.Duration(m.Timeout))
timestamp := time.Now() timestamp := time.Now()
if err != nil { if err != nil {
return fmt.Errorf("failed to run command %s: %s - %s", strings.Join(cmd.Args, " "), err, string(out)) return fmt.Errorf("failed to run command %s: %s - %s", strings.Join(sanitizeIPMICmd(cmd.Args), " "), err, string(out))
} }
if m.MetricVersion == 2 { if m.MetricVersion == 2 {
return m.parseV2(acc, hostname, out, timestamp) return m.parseV2(acc, hostname, out, timestamp)
@ -315,6 +315,16 @@ func aToFloat(val string) (float64, error) {
return f, nil return f, nil
} }
func sanitizeIPMICmd(args []string) []string {
for i, v := range args {
if v == "-P" {
args[i+1] = "REDACTED"
}
}
return args
}
func trim(s string) string { func trim(s string) string {
return strings.TrimSpace(s) return strings.TrimSpace(s)
} }

48
plugins/inputs/ipmi_sensor/ipmi_test.go
View File

@ -779,3 +779,51 @@ func Test_parseV2(t *testing.T) {
}) })
} }
} }
func TestSanitizeIPMICmd(t *testing.T) {
tests := []struct {
name string
args []string
expected []string
}{
{
name: "default args",
args: []string{
"-H", "localhost",
"-U", "username",
"-P", "password",
"-I", "lan",
},
expected: []string{
"-H", "localhost",
"-U", "username",
"-P", "REDACTED",
"-I", "lan",
},
},
{
name: "no password",
args: []string{
"-H", "localhost",
"-U", "username",
"-I", "lan",
},
expected: []string{
"-H", "localhost",
"-U", "username",
"-I", "lan",
},
},
{
name: "empty args",
args: []string{},
expected: []string{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var sanitizedArgs []string = sanitizeIPMICmd(tt.args)
require.Equal(t, tt.expected, sanitizedArgs)
})
}
}