Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nested Key marked as secret in pack config schema showing as plain text in WebGUI #4448

Open
namachieli opened this issue Nov 16, 2018 · 1 comment
Open

Nested Key marked as secret in pack config schema showing as plain text in WebGUI #4448

namachieli opened this issue Nov 16, 2018 · 1 comment
Labels
bug security

Comments

@namachieli
Copy link

SUMMARY

Seen in the zabbix pack. A nested key in the zabbix pack config that is marked as secret: true is still being shown in plain text in the webgui.

ISSUE TYPE
  • Bug Report
STACKSTORM VERSION

Paste the output of st2 --version:
st2 2.9.1, on Python 2.7.12

OS / ENVIRONMENT / INSTALL METHOD

Ubuntu 16.04 LTS One line install

STEPS TO REPRODUCE

Fresh install of st2 2.9.1 on Ubuntu 16.04 LTS
Install Zabbix pack from webgui
Configure as below

Config

zabbix:
  password: R******$
  url: https://zabbix*******
  username: s******t

image

EXPECTED RESULTS

The key password: should shows as ******

ACTUAL RESULTS

The key password: should shows as plain-text
@Kami
Copy link
Member

Kami commented Nov 19, 2018

Thanks for reporting this.

This indeed looks like a bug in https://github.com/stackstorm/st2web in scenario where we display whole config as raw JSON.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Kami @arm4b @namachieli