Rel/0.21.0 #82
Rel/0.21.0 #82
Conversation
Signed-off-by: Justin Schneck <j.schneck@peridio.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| // Resolve UID: env var > config > libc | ||
| let uid = if let Ok(env_uid) = env::var("AVOCADO_HOST_UID") { | ||
| env_uid.parse::<u32>().unwrap_or_else(|_| { | ||
| eprintln!( |
Check failure
Code scanning / CodeQL
Cleartext logging of sensitive information High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 4 hours ago
In general, to fix cleartext logging of sensitive information, avoid including raw values from untrusted or potentially sensitive sources (like environment variables) directly in log messages. If some detail is necessary, log only non-sensitive metadata (e.g., “invalid format” or “out of range”) or a redacted form of the value.
For this specific code, the best fix is to keep the warning messages but remove the interpolation of env_uid and env_gid from the eprintln! calls. The messages can still explain that AVOCADO_HOST_UID or AVOCADO_HOST_GID is invalid and that the fallback value is being used, without showing the offending value. This preserves existing behavior—parsing logic, fallbacks, and control flow remain unchanged—while eliminating cleartext logging of data that originates from an untrusted environment variable. No new imports or helper methods are needed; we only adjust the format strings in the existing eprintln! calls at lines 2619–2622 and 2634–2637 in src/utils/config.rs.
| @@ -2617,8 +2617,7 @@ | ||
| let uid = if let Ok(env_uid) = env::var("AVOCADO_HOST_UID") { | ||
| env_uid.parse::<u32>().unwrap_or_else(|_| { | ||
| eprintln!( | ||
| "Warning: Invalid AVOCADO_HOST_UID '{}', using fallback", | ||
| env_uid | ||
| "Warning: Invalid AVOCADO_HOST_UID, using fallback UID value" | ||
| ); | ||
| fallback_uid | ||
| }) | ||
| @@ -2632,8 +2631,7 @@ | ||
| let gid = if let Ok(env_gid) = env::var("AVOCADO_HOST_GID") { | ||
| env_gid.parse::<u32>().unwrap_or_else(|_| { | ||
| eprintln!( | ||
| "Warning: Invalid AVOCADO_HOST_GID '{}', using fallback", | ||
| env_gid | ||
| "Warning: Invalid AVOCADO_HOST_GID, using fallback GID value" | ||
| ); | ||
| fallback_gid | ||
| }) |
| .parse() | ||
| .expect("Failed to parse UID"); | ||
|
|
||
| assert_eq!( |
Check failure
Code scanning / CodeQL
Cleartext logging of sensitive information High test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 4 hours ago
In general, to fix cleartext logging issues you either (1) stop logging the sensitive value, or (2) transform it (e.g., hash or encrypt) so it is not exposed in readable form. For assertions, the simplest and safest approach is to avoid including sensitive values in the assertion message at all, relying instead on a generic message or on the fact that the assertion failure itself already indicates what went wrong.
For this specific case in tests/runs_on_integration.rs, the issue arises in the assert_eq! macro at lines 688–691, where the failure message explicitly prints local_uid and remote_uid:
assert_eq!(
remote_uid, local_uid,
"Owner UID should be preserved (local: {}, remote: {})",
local_uid, remote_uid
);The best fix that doesn’t change test behavior (aside from log content) is to remove the formatting arguments and sensitive values from the message, while keeping the equality check. We can change this to either a plain assert_eq!(remote_uid, local_uid); or an assert_eq! with a static, non‑parameterized message like "Owner UID should be preserved". This removes local_uid and remote_uid from the formatted output and addresses all alert variants. No new imports or helper methods are needed.
| @@ -687,8 +687,7 @@ | ||
|
|
||
| assert_eq!( | ||
| remote_uid, local_uid, | ||
| "Owner UID should be preserved (local: {}, remote: {})", | ||
| local_uid, remote_uid | ||
| "Owner UID should be preserved" | ||
| ); | ||
|
|
||
| fs::remove_dir_all(&temp_dir).ok(); |
No description provided.