Skip to content

Commit

Permalink
Remove create task stdin/stdout/stderr fields. (#781)
Browse files Browse the repository at this point in the history 
Stdin/stdout/stderr fields can container full shim logger binary URIs
which may container sensitive information such as logging credentials.
Since there is no simple method for redacting this information at
runtime, the best solution is to not log them to disk.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
  • Loading branch information
@austinvazquez
austinvazquez authored Feb 16, 2024
1 parent 3fae0bd commit e5cd857
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions runtime/service.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1146,12 +1146,10 @@ func (s *service) Create(requestCtx context.Context, request *taskAPI.CreateTask
return nil, err
}

// We don't log request.Stdin, request.Stdout, or request.Stderr as they may contain sensitive information.
logger.WithFields(logrus.Fields{
"bundle": request.Bundle,
"terminal": request.Terminal,
"stdin": request.Stdin,
"stdout": request.Stdout,
"stderr": request.Stderr,
"checkpoint": request.Checkpoint,
}).Debug("creating task")

Expand Down

0 comments on commit e5cd857

Please sign in to comment.