8000 Secret action field show as plaint text in rule view · Issue #4784 · StackStorm/st2 · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Secret action field show as plaint text in rule view #4784
New issue
New issue
Closed
Closed
Secret action field show as plaint text in rule view#4784
Labels
bugsecurity
@igorfernandes

Description

@igorfernandes
igorfernandes
opened on Aug 30, 2019

SUMMARY

Secret fields are showing as plain text when we see rule information.

STACKSTORM VERSION

st2 3.1.0, on Python 2.7.5

OS, environment, install method

OS: Oracle Linux 7.5
Custom HA installation with ST2 RPM without changes. All services separate as a single VM.
st2.conf with mask_secrets = True

Steps to reproduce the problem

Create a RULE with HTTP ACTION and set the password field with anything. When click to see RULE details you can see the password as plain text.

Expected Results

As a secret parameter of action, that does not need to show in rule information

Actual Results

We can see all secret field as plain text

Screen Shot 2019-08-30 at 3 46 24 PM

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugsecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0