From patchwork Tue Nov 26 22:16:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 53250 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9BFBD66B84 for ; Tue, 26 Nov 2024 22:18:45 +0000 (UTC) Received: from mail-oa1-f54.google.com (mail-oa1-f54.google.com [209.85.160.54]) by mx.groups.io with SMTP id smtpd.web11.59011.1732659515996351174 for ; Tue, 26 Nov 2024 14:18:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Pd3H4d7O; spf=pass (domain: gmail.com, ip: 209.85.160.54, mailfrom: jpewhacker@gmail.com) Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-2967fb53621so116345fac.0 for ; Tue, 26 Nov 2024 14:18:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732659514; x=1733264314; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XRM+yEsR4E/Wo+Z6Ct09VUuEv1sq1/Kn5GeJ39UMg+s=; b=Pd3H4d7OwVC5rHkIcDcok6b38TDNa2bqbDgz5sOWj89Cc7nKbJAEXZuEddS8cfsQ9N w474vnM4Y+STA+vFwJ/7vCa+x2jHvnIt4ecczhC7mfdN08wCnNyGJLNkFbARgFvcl6yR mo38eeAxsrD8O/ChX7hzUuB27Y8hb1XvDMCFZvtSB1ICvvx4CxbjlsCTxkNRcKfc2jeT hGZjjYi13IaqtjGAmxA8RudjcAGoQhprHenusV1A+GuP+GzGZh5nueIo5r2O71q2oDPz ZFR2o0LK2zWKuZZ7NU/AiZDKK/Iq9X9jEssks5HfvHq3XRT9DlM+5TspH48r4EOffc+U zGog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732659514; x=1733264314; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XRM+yEsR4E/Wo+Z6Ct09VUuEv1sq1/Kn5GeJ39UMg+s=; b=VKjsViPdwHQnrmjjby67VgoWAFnU9Xi754p2PsUbdHwE9r60UZ193g8K+Zn7zKXx7B 2V9W8stdB/F5g3KCNhyvd0moLbVdBdVGS1ewBmcvcNZJGbew8JiPLavzYQoKEz7T9Vc1 7hzvH2tIR7D7CLCHy5OZUAUEIPXt3yK8ykdFXw5ZhEqXPTgdSKpCnJ/6sK8+xVBroGrq d7VjbPzSYx0FHL851g78lz2e1ynCACka5d9tmbJYApO0e6snQE+1nacCX9cm4YP00EsC sQuHMwTZta/oyQo/deRyzypR3gsu0povyGOM9BlWjP1w4jjJzurxcnF9ZhTjflULAwsa x6MQ== X-Gm-Message-State: AOJu0YxUCHGXkTy9c8aoriilYNCOlTx/7ppemUbkFjITpBDsCBmXGQc1 EzfjTFWUVUtJwM8AFajopPDl4zkM29RRvknJBJLW14Uvl8TWS+sJJKdafQ== X-Gm-Gg: ASbGncvrmr55Yg/weScCy9o6tSe9wE19xFNco2bevw8M7CVmaOGk9/j5KVF7ZYok61I BbvEJl8YXxbfD4IiA4Ez9e/CyHFArtz7zb8BXn6IuaNPTZeExZF6AFLul8Gf43cuZ/x+AERcZw3 05WdkcejWD2CKaJ0wi8UeihJkOyAoBNaOk2vJMa/EVzV3lArhgV/aHed9zWcx8zjCQJe0/wGCjl PoPwfZPAmlwTwnqZa7/OGrnT2Phz/V6lBompPL+bobjwuZq X-Google-Smtp-Source: AGHT+IF/Mo/1bt/9wbJgxutI05HB+ARu+mlRG6ekx+9N/UeF6bCcjttyAq0jdDZMXECCxFvT2TmhyA== X-Received: by 2002:a05:6870:700c:b0:297:6b3:f71c with SMTP id 586e51a60fabf-29dc22aecf2mr568092fac.5.1732659514651; Tue, 26 Nov 2024 14:18:34 -0800 (PST) Received: from localhost.localdomain ([2601:282:4300:19e0::dc1a]) by smtp.gmail.com with ESMTPSA id 46e09a7af769-71d5bdf568fsm776133a34.41.2024.11.26.14.18.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Nov 2024 14:18:33 -0800 (PST) From: Joshua Watt X-Google-Original-From: Joshua Watt To: bitbake-devel@lists.openembedded.org Cc: Joshua Watt Subject: [bitbake-devel][PATCH 1/2] exceptions: Add option to hide frame arguments in exceptions Date: Tue, 26 Nov 2024 15:16:01 -0700 Message-ID: <20241126221829.2825101-2-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241126221829.2825101-1-JPEWhacker@gmail.com> References: <20241126221829.2825101-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Nov 2024 22:18:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/bitbake-devel/message/16839 The exception code in bitbake prints out the arguments to functions calls, and while this is very useful, it means that if there are secret credentials in arguments (like the password for bitbake hashserver client), they will be shown in the logs and potentially leaked. To prevent this, add code that checks for the local variable HIDE_FRAME_ARGS in the function. If present and set to True, the exception code will not print the value of any of the function arguments. Signed-off-by: Joshua Watt --- bitbake/lib/bb/exceptions.py | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/bitbake/lib/bb/exceptions.py b/bitbake/lib/bb/exceptions.py index 60643bd6421..931140da0c6 100644 --- a/bitbake/lib/bb/exceptions.py +++ b/bitbake/lib/bb/exceptions.py @@ -36,26 +36,24 @@ class TracebackEntry(namedtuple.abc): def _get_frame_args(frame): """Get the formatted arguments and class (if available) for a frame""" - arginfo = inspect.getargvalues(frame) + args, varargs, keywords, local = inspect.getargvalues(frame) + if not args: + return '', None - if not arginfo.args: - return '', None - - firstarg = arginfo.args[0] + firstarg = args[0] if firstarg == 'self': - self = arginfo.locals['self'] + self = local['self'] cls = self.__class__.__name__ - arginfo.args.pop(0) - try: - del arginfo.locals['self'] - except TypeError: - # FIXME - python 3.13 FrameLocalsProxy can't be modified - pass + args.pop(0) + del local['self'] else: cls = None - formatted = inspect.formatargvalues(*arginfo) + if local.get("HIDE_FRAME_ARGS", False): + return '(HIDDEN)', cls + + formatted = inspect.formatargvalues(args, varargs, keywords, local) return formatted, cls def extract_traceback(tb, context=1): From patchwork Tue Nov 26 22:16:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 53251 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB52FD66B85 for ; Tue, 26 Nov 2024 22:18:45 +0000 (UTC) Received: from mail-ot1-f54.google.com (mail-ot1-f54.google.com [209.85.210.54]) by mx.groups.io with SMTP id smtpd.web10.58751.1732659517636115930 for ; Tue, 26 Nov 2024 14:18:37 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Y3fF87Ul; spf=pass (domain: gmail.com, ip: 209.85.210.54, mailfrom: jpewhacker@gmail.com) Received: by mail-ot1-f54.google.com with SMTP id 46e09a7af769-71d4d0516e6so1518555a34.2 for ; Tue, 26 Nov 2024 14:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732659516; x=1733264316; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nIv9oVkMFVVl2hkX2xI8uBEDk9vfZJMo4RXXEoWzseQ=; b=Y3fF87UlWM2ovLI50mYugzMN1IO6ylHsWmZgQpXhaSS42n5maY5HpIidlABwmfROGd SZhETo5BTEccVxvK/QCVpJZbyMIcHIeE+hBOPdZ/7fZ++yBIa7zp50N2IQgLkB9V4kZM +FKBjJDw7IjiG/lp7VuSlXmsS9aarTSi8z2EVIhbTyebDNqMyCcCX75VvCUdPbiYnGJr M98nMQe1baqSEzftR4Z4yuXDhDvdFAt9TZfussTXixTl4k2Gkazbc1dXERWdwR+cNKS1 KjtEjfJJWiZWASK3s7zlV3LmzVkK8T8WBRdzmopVnhOUTsGCGpQW6zti685/eaBQibKm ZJhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732659516; x=1733264316; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nIv9oVkMFVVl2hkX2xI8uBEDk9vfZJMo4RXXEoWzseQ=; b=NUXGADXdNAsc4Y6Akmmu0i4mQQEi0ALjjrIxS9w7/aE6qd+8tv8jAFJpFhSorgpqaP 0RMou++egyZU8+xBxD83M5Ab9vPfZOyrfdcS4RrUpUXJjBZilIbH9AMWMMp2PTJsq3nl KYsX1fdfyNSdiMFB9ng5DuhBCcuutcc6DZXb1zQk5cNi5o3hPmHI3INY4bwcMFOAlggr 43iXKzgSNV0dDStLI/vnI1Ng2d6RLJqMLoniZ1V+Jix9b7POuGyjCZr3rHvaCuLfadPD oYEEEQXDprjl3ZRa1BvKPmfP1x3RqRSuUqjcp6uHhxosL20sjqgb7RXiZVnK6WPXvY3K WJNg== X-Gm-Message-State: AOJu0Yyrz7rwg1O8psknAVJtrPKbfU4olfzGM//yw8+k8AmL3C48Blku ueEa5K5A5RaX96L9KbA0OWFs7Ll/5YMv2fbg9j8qHKFws9QJhvk2jzB2aw== X-Gm-Gg: ASbGncuiEN8smJyokbPotj8I2n65u4SS+BMarbg+BC2hkMbEEujgggwawM13dbp1elc EtG+f+vstVqDplHUVjSkVsobyIIWdkYvO48PWDw4broRVVasVgM9CucFwQQ+avsv2VTk19Gj4JG qzicHaGuvNXh2i0VxLpQ1Qz843IjFdNsjPiAVE2fIZh5rouUxNgkw05y5tWbmUxdbAF2xB04Mbe fmRTHephh6zqC9WUTth+5CRbJeEN7etkNmtiW/pYoUE1Nyf X-Google-Smtp-Source: AGHT+IH1FZ7Vxo7FhW6sL64QVilBevHvoXjcQKslTdTXk2IMAaNBa1bPKmofMlNGkF7sFE0Sl93FQQ== X-Received: by 2002:a05:6830:6a8d:b0:718:194d:8a6 with SMTP id 46e09a7af769-71d65d34cbbmr760748a34.28.1732659516179; Tue, 26 Nov 2024 14:18:36 -0800 (PST) Received: from localhost.localdomain ([2601:282:4300:19e0::dc1a]) by smtp.gmail.com with ESMTPSA id 46e09a7af769-71d5bdf568fsm776133a34.41.2024.11.26.14.18.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Nov 2024 14:18:35 -0800 (PST) From: Joshua Watt X-Google-Original-From: Joshua Watt To: bitbake-devel@lists.openembedded.org Cc: Joshua Watt Subject: [bitbake-devel][PATCH 2/2] hashserv: Do not print passwords in exceptions Date: Tue, 26 Nov 2024 15:16:02 -0700 Message-ID: <20241126221829.2825101-3-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.47.1 In-Reply-To: <20241126221829.2825101-1-JPEWhacker@gmail.com> References: <20241126221829.2825101-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 26 Nov 2024 22:18:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/bitbake-devel/message/16840 If an exception occurred in some of the function calls in the hash server code, passwords could be leaked because bitbake tries to print function arguments in its backtrace. Add the flag that prevents bitbake from showing argument values in these functions to prevent the password from leaking Signed-off-by: Joshua Watt --- bitbake/lib/hashserv/__init__.py | 6 ++++++ bitbake/lib/hashserv/client.py | 6 ++++++ bitbake/lib/hashserv/server.py | 2 ++ bitbake/lib/hashserv/sqlalchemy.py | 2 ++ 4 files changed, 16 insertions(+) diff --git a/bitbake/lib/hashserv/__init__.py b/bitbake/lib/hashserv/__init__.py index ac891e0174d..d2471fe7858 100644 --- a/bitbake/lib/hashserv/__init__.py +++ b/bitbake/lib/hashserv/__init__.py @@ -28,6 +28,8 @@ def create_server( admin_password=None, reuseport=False, ): + HIDE_FRAME_ARGS = True # Do not leak password on exception + def sqlite_engine(): from .sqlite import DatabaseEngine @@ -70,6 +72,8 @@ def create_server( def create_client(addr, username=None, password=None): + HIDE_FRAME_ARGS = True # Do not leak password on exception + from . import client c = client.Client(username, password) @@ -89,6 +93,8 @@ def create_client(addr, username=None, password=None): async def create_async_client(addr, username=None, password=None): + HIDE_FRAME_ARGS = True # Do not leak password on exception + from . import client c = client.AsyncClient(username, password) diff --git a/bitbake/lib/hashserv/client.py b/bitbake/lib/hashserv/client.py index a510f3284fc..13a6e62e7fe 100644 --- a/bitbake/lib/hashserv/client.py +++ b/bitbake/lib/hashserv/client.py @@ -80,6 +80,8 @@ class AsyncClient(bb.asyncrpc.AsyncClient): MODE_EXIST_STREAM = 2 def __init__(self, username=None, password=None): + HIDE_FRAME_ARGS = True # Do not leak password on exception + super().__init__("OEHASHEQUIV", "1.1", logger) self.mode = self.MODE_NORMAL self.username = username @@ -236,6 +238,8 @@ class AsyncClient(bb.asyncrpc.AsyncClient): return await self.invoke({"clean-unused": {"max_age_seconds": max_age}}) async def auth(self, username, token): + HIDE_FRAME_ARGS = True # Do not leak token on exception + result = await self.invoke({"auth": {"username": username, "token": token}}) self.username = username self.password = token @@ -319,6 +323,8 @@ class AsyncClient(bb.asyncrpc.AsyncClient): class Client(bb.asyncrpc.Client): def __init__(self, username=None, password=None): + HIDE_FRAME_ARGS = True # Do not leak password on exception + self.username = username self.password = password diff --git a/bitbake/lib/hashserv/server.py b/bitbake/lib/hashserv/server.py index 68f64f983b2..61ddeaad80b 100644 --- a/bitbake/lib/hashserv/server.py +++ b/bitbake/lib/hashserv/server.py @@ -793,6 +793,8 @@ class Server(bb.asyncrpc.AsyncServer): admin_username=None, admin_password=None, ): + HIDE_FRAME_ARGS = True # Do not leak password on exception + if upstream and read_only: raise bb.asyncrpc.ServerError( "Read-only hashserv cannot pull from an upstream server" diff --git a/bitbake/lib/hashserv/sqlalchemy.py b/bitbake/lib/hashserv/sqlalchemy.py index f7b0226a7a3..54aec55b24b 100644 --- a/bitbake/lib/hashserv/sqlalchemy.py +++ b/bitbake/lib/hashserv/sqlalchemy.py @@ -115,6 +115,8 @@ class UnihashesV2(DeprecatedBase): class DatabaseEngine(object): def __init__(self, url, username=None, password=None): + HIDE_FRAME_ARGS = True # Do not leak password on exception + self.logger = logging.getLogger("hashserv.sqlalchemy") self.url = sqlalchemy.engine.make_url(url)