You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.
Describe the bug
Due to a cat command, security credentials are output into logs, which then get stored in plaintext on the local k8s node logs, as well as remote logging servers, and backups.
This is due to the following code:
for f in "${NIFI_HOME}/conf/authorizers.xml" "${NIFI_HOME}/conf/login-identity-providers.xml" ${NIFI_HOME}/conf/nifi.properties
do
echo === $f ===
cat $f
done
echo === end of files ===
Describe the bug
Due to a
cat
command, security credentials are output into logs, which then get stored in plaintext on the local k8s node logs, as well as remote logging servers, and backups.This is due to the following code:
https://github.com/cetic/helm-nifi/blob/db835032b6e860a2c7a84bbc9ca3ddb74f270453/templates/statefulset.yaml#LL286C1-L291C36
This kind of code is totally unnecessary. You can create a shell in the pod and look at the file yourself if need be.
Version of Helm, Kubernetes and the Nifi chart:
Chart 1.1.4
What happened:
The container 'server' outputs to its logs the whole authorizers.xml file which includes for example:
What you expected to happen:
No credential leakage.
How to reproduce it (as minimally and precisely as possible):
Use the helm chart to deploy the app.
The text was updated successfully, but these errors were encountered: