Project

General

Profile

Cleanup #49216

mgr/dashboard: delete EOF when reading passwords from file

Added by Alfonso Martínez 17 days ago. Updated 14 days ago.

Status:
Pending Backport
Priority:
High
Category:
dashboard/backend
Target version:
% Done:

0%

Tags:
Backport:
pacific octopus nautilus
Reviewed:
Affected Versions:
Pull request ID:

Description

When executing:
1) echo "myPassw0rd" > /tmp/my_secret.txt
(Notice: not using "-n" option; also reproducible by editing the file with text editor that adds a newline separator when saving.)

2) ceph dashboard ac-user-set-password admin -i /tmp/my_secret.txt
(The command succeeds.)

RESULT: the user is not able to log in through dashboard.

EXPECTED RESULT: be able to log in.

FIX: Sanitize the input.


Related issues

Related to mgr - Subtask #48355: mgr/dashboard: CLI commands: read passwords from file Pending Backport
Copied to mgr - Backport #49270: pacific: mgr/dashboard: delete EOF when reading passwords from file Resolved
Copied to mgr - Backport #49271: nautilus: mgr/dashboard: delete EOF when reading passwords from file Resolved
Copied to mgr - Backport #49272: octopus: mgr/dashboard: delete EOF when reading passwords from file New

History

#1 Updated by Alfonso Martínez 17 days ago

  • Status changed from In Progress to Fix Under Review
  • Assignee set to Alfonso Martínez
  • Pull request ID set to 39362

#2 Updated by Alfonso Martínez 17 days ago

  • Related to Subtask #48355: mgr/dashboard: CLI commands: read passwords from file added

#3 Updated by Ernesto Puerta 14 days ago

  • Status changed from Fix Under Review to Pending Backport

#4 Updated by Ernesto Puerta 14 days ago

  • Priority changed from Normal to High

#5 Updated by Backport Bot 14 days ago

  • Copied to Backport #49270: pacific: mgr/dashboard: delete EOF when reading passwords from file added

#6 Updated by Backport Bot 14 days ago

  • Copied to Backport #49271: nautilus: mgr/dashboard: delete EOF when reading passwords from file added

#7 Updated by Backport Bot 14 days ago

  • Copied to Backport #49272: octopus: mgr/dashboard: delete EOF when reading passwords from file added

Also available in: Atom PDF