From e5cd857dbbe5fbc23face37acf44ef955eef03e9 Mon Sep 17 00:00:00 2001
From: Austin Vazquez <55906459+austinvazquez@users.noreply.github.com>
Date: Thu, 15 Feb 2024 18:09:36 -0600
Subject: [PATCH] Remove create task stdin/stdout/stderr fields. (#781)

Stdin/stdout/stderr fields can container full shim logger binary URIs
which may container sensitive information such as logging credentials.
Since there is no simple method for redacting this information at
runtime, the best solution is to not log them to disk.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
---
 runtime/service.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/runtime/service.go b/runtime/service.go
index 7945eb715..d220009dc 100644
--- a/runtime/service.go
+++ b/runtime/service.go
@@ -1146,12 +1146,10 @@ func (s *service) Create(requestCtx context.Context, request *taskAPI.CreateTask
 		return nil, err
 	}
 
+	// We don't log request.Stdin, request.Stdout, or request.Stderr as they may contain sensitive information.
 	logger.WithFields(logrus.Fields{
 		"bundle":     request.Bundle,
 		"terminal":   request.Terminal,
-		"stdin":      request.Stdin,
-		"stdout":     request.Stdout,
-		"stderr":     request.Stderr,
 		"checkpoint": request.Checkpoint,
 	}).Debug("creating task")