URL: https://github.com/freeipa/freeipa/pull/4540
Author: mrizwan93
Title: #4540: ipatests: Test to check password leak in apache error log
Action: opened
PR body:
"""
Host enrollment with OTP used to log the password in cleartext to apache error log. This test ensures that the password should not be a cleartext.

related: https://pagure.io/freeipa/issue/8017

Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4540/head:pr4540
git checkout pr4540
From 3f3218a6f7709432857cf43b15c65414c0134d6c Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf <myu...@redhat.com> Date: Thu, 16 Apr 2020 16:40:11 +0530 Subject: [PATCH] ipatests: Test to check password leak in apache error log Host enrollment with OTP used to log the password in cleartext to apache error log. This test ensures that the password should should not be a cleartext. related: https://pagure.io/freeipa/issue/8017 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> --- ipatests/test_integration/test_commands.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index 7bb1ebcab5..41c5d07b95 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -523,6 +523,28 @@ def test_huge_password(self): raiseonerr=False) assert result.returncode == 0 + def test_cleartext_password_httpd_log(self): + """Test to check password leak in apache error log + + Host enrollment with OTP used to log the password in cleartext + to apache error log. This test ensures that the password should + should not be a cleartext. + + related: https://pagure.io/freeipa/issue/8017 + """ + hostname = 'test.{}'.format(self.master.domain.name) + passwd = 'Secret123' + + self.master.run_command(['ipa', 'host-add', '--force', + hostname, '--password', passwd]) + + result = self.master.run_command(['grep', 'host_add', + paths.VAR_LOG_HTTPD_ERROR]) + assert (hostname in result.stdout_text and + passwd not in result.stdout_text) + + self.master.run_command(['ipa', 'host-del', hostname]) + def test_change_selinuxusermaporder(self): """ An update file meant to ensure a more sane default was
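Review bot: in test_cleartext_password_httpd_log the cleanup call `self.master.run_command(['ipa', 'host-del', hostname])` sits after the assert, so when the assertion fails (the case this test exists to catch) the host entry is left behind for the tests that follow; move the grep and the assert into a try block and the host-del into finally. The single assert joins two conditions with `and`, so a failure does not show whether the host_add line was missing or the password was present; two separate asserts would report which. grep exits non-zero when nothing matches, and the preceding test passes raiseonerr=False explicitly, so consider doing the same for the grep call and letting the hostname assert report a missing log entry. The grep also reads the whole error log against the fixed value 'Secret123', so lines written before this test ran are matched as well; a password unique to this test would tie the result to this host-add call. The docstring repeats the word in "should should".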