@@ -28,6 +28,8 @@ def create_server(
admin_password=None,
reuseport=False,
):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
def sqlite_engine():
from .sqlite import DatabaseEngine
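Review bot: `HIDE_FRAME_ARGS = True` at the top of `create_server` is a local that nothing in the function reads, and the comment does not say what consumes it, so an unused-variable cleanup could delete it and silently bring `admin_password` back into backtraces. The comment could name the reader, for example `# Read by bitbake's backtrace formatter: hides this frame's argument values (admin_password)`. The same applies to the identical lines added in `create_client`, `create_async_client`, `AsyncClient.__init__`, `AsyncClient.auth`, `Client.__init__`, `Server.__init__` and `DatabaseEngine.__init__`. The body of `create_server` continues outside the hunk.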
@@ -70,6 +72,8 @@ def create_server(
def create_client(addr, username=None, password=None):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
from . import client
c = client.Client(username, password)
@@ -89,6 +93,8 @@ def create_client(addr, username=None, password=None):
async def create_async_client(addr, username=None, password=None):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
from . import client
c = client.AsyncClient(username, password)
@@ -80,6 +80,8 @@ class AsyncClient(bb.asyncrpc.AsyncClient):
MODE_EXIST_STREAM = 2
def __init__(self, username=None, password=None):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
super().__init__("OEHASHEQUIV", "1.1", logger)
self.mode = self.MODE_NORMAL
self.username = username
@@ -236,6 +238,8 @@ class AsyncClient(bb.asyncrpc.AsyncClient):
return await self.invoke({"clean-unused": {"max_age_seconds": max_age}})
async def auth(self, username, token):
+ HIDE_FRAME_ARGS = True # Do not leak token on exception
+
result = await self.invoke({"auth": {"username": username, "token": token}})
self.username = username
self.password = token
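Review bot: The flag in `AsyncClient.auth` covers only the `auth` frame, but the token is then placed in the message dict passed to `self.invoke(...)` on the next line, so it becomes an argument of `invoke` and of anything `invoke` forwards it to. If an exception is raised further down that call chain, those frames would presumably still be printed with their argument values unless they set the flag too. `invoke` is not visible in this hunk, so this needs confirming in `bb.asyncrpc`. If it is unprotected, adding `HIDE_FRAME_ARGS = True` there as well would close the gap.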
@@ -319,6 +323,8 @@ class AsyncClient(bb.asyncrpc.AsyncClient):
class Client(bb.asyncrpc.Client):
def __init__(self, username=None, password=None):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
self.username = username
self.password = password
@@ -793,6 +793,8 @@ class Server(bb.asyncrpc.AsyncServer):
admin_username=None,
admin_password=None,
):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
if upstream and read_only:
raise bb.asyncrpc.ServerError(
"Read-only hashserv cannot pull from an upstream server"
@@ -115,6 +115,8 @@ class UnihashesV2(DeprecatedBase):
class DatabaseEngine(object):
def __init__(self, url, username=None, password=None):
+ HIDE_FRAME_ARGS = True # Do not leak password on exception
+
self.logger = logging.getLogger("hashserv.sqlalchemy")
self.url = sqlalchemy.engine.make_url(url)
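Review bot: In `DatabaseEngine.__init__` the `url` argument can carry credentials too, since a database URL may embed `user:password@host`, but the comment mentions only the password. The flag hides this frame's arguments, yet `url` is handed to `sqlalchemy.engine.make_url(url)` two lines later, and any later logging or formatting of `self.url` is outside what the flag protects. The rest of the constructor is outside the hunk, so that part needs checking. The comment could read `# Do not leak password or credentialed url on exception`.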
If an exception occurred in some of the function calls in the hash server code, passwords could be leaked because bitbake tries to print function arguments in its backtrace. Add the flag that prevents bitbake from showing argument values in these functions to prevent the password from leaking Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> --- bitbake/lib/hashserv/__init__.py | 6 ++++++ bitbake/lib/hashserv/client.py | 6 ++++++ bitbake/lib/hashserv/server.py | 2 ++ bitbake/lib/hashserv/sqlalchemy.py | 2 ++ 4 files changed, 16 insertions(+)