mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mann <g...@mesosphere.io>
Subject Re: Review Request 65226: Added SecurePathOrValue for file flags which need not to leak contents.
Date Fri, 19 Jan 2018 01:07:50 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65226/#review195761
-----------------------------------------------------------


Fix it, then Ship it!




Awesome, thanks Alexander :)


3rdparty/stout/include/stout/flags/fetch.hpp
Lines 70-72 (patched)
<https://reviews.apache.org/r/65226/#comment275063>

    Could you leave a comment here explaining why we don't fetch as normal for this type?



3rdparty/stout/include/stout/flags/flag.hpp
Lines 104-106 (patched)
<https://reviews.apache.org/r/65226/#comment275059>

    This will fit on two lines.



3rdparty/stout/include/stout/flags/flag.hpp
Lines 114-115 (patched)
<https://reviews.apache.org/r/65226/#comment275060>

    I think our usual wrapping here would be
    
    ```
    inline std::ostream& operator<<(
        std::ostream &stream,
        const SecurePathOrValue& flag)
    ```
    
    ?


- Greg Mann


On Jan. 18, 2018, 6:53 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65226/
> -----------------------------------------------------------
> 
> (Updated Jan. 18, 2018, 6:53 p.m.)
> 
> 
> Review request for mesos and Greg Mann.
> 
> 
> Bugs: MESOS-8413
>     https://issues.apache.org/jira/browse/MESOS-8413
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The default behavior when serializing a flag, if its value comes from
> a file (by using the prefix `file://`) is to show the contents of
> the file instead of the path to the file.
> 
> A common pattern for flags containing sensitive information is to
> store the values in a secure file, however the default behavior
> of serializing flags causes these values to be leaked when
> serializing a subclass of `FlagsBase`.
> 
> This patch introduces the structure `SecurePathOrValue` so that
> the default behavior is overriden and the path of the flag will
> be shown instead of the flag value itself.
> 
> 
> Diffs
> -----
> 
>   3rdparty/stout/include/stout/flags/fetch.hpp 788d09e0a2083ead7d6ccb0c233cfdfd5d1ddb81

>   3rdparty/stout/include/stout/flags/flag.hpp 6580c294fc5d06854eadc19b1515172a4a700e89

>   3rdparty/stout/include/stout/flags/parse.hpp 6112d699be4cbdcb7a7872da8f29d41aab0939a3

> 
> 
> Diff: https://reviews.apache.org/r/65226/diff/1/
> 
> 
> Testing
> -------
> 
> ```
> make check
> ```
> 
> Full testing in follow up patch.
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message