Reviewed: https://review.openstack.org/490674 Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=af0b0082de8556e6923634986567b42c94fc31b3 Submitter: Jenkins Branch: master commit af0b0082de8556e6923634986567b42c94fc31b3 Author: Walter A. Boring IV <waboring at hemna.com> Date: Thu Aug 3 23:05:34 2017 +0000 Infortrend mask password logging This patch fixes a problem when a cli command is executed and fails, the driver logs the entire command including the password in clear text. This patch makes sure that the password is masked out. Change-Id: I4984b994bde4c5aa3a8914f06f5cfc8205f0f4d8 Closes-Bug: 1708547 ** Changed in: cinder Status: In Progress => Fix Released -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1708547 Title: Infortrend driver logs password in commands Status in Cinder: Fix Released Bug description: The Infortrend driver's cli_factory constructs a command to execute, which can include a password. When the command fails, the cli_factory logs the entire command line to the log file, leaving the password in clear text. password line https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/infortrend/raidcmd_cli/cli_factory.py#L173-L175 command logged https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/infortrend/raidcmd_cli/cli_factory.py#L221-L226 To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1708547/+subscriptions