fix(support): sanitize agent env #12554

Merged
merged 3 commits into from
Mar 12, 2024

johnstcn
Member

We don't want support bundles leaking users' OIDC tokens etc.

@johnstcn johnstcn self-assigned this Mar 12, 2024
@dannykopping
Contributor

I'm wondering if we should rather use an allowlist rather than a denylist?
We know all of the env vars which are pertinent to coder; why not only include those?

@johnstcn
Member Author

johnstcn commented Mar 12, 2024

> I'm wondering if we should rather use an allowlist rather than a denylist? We know all of the env vars which are pertinent to coder; why not only include those?

That's interesting. This would also catch someone randomly adding an agent environment variable. I'll look into that.

EDIT: agent environment variables are likely not what we would need for debugging anyway; we'd be more interested in the underlying compute resource (e.g. Docker container).

I'll just scrub all the values and be done with it. WDYT?
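
The three options raised in this thread (denylist, allowlist, scrub every value), compared in an added Go example that is not part of this PR or of Coder's code. The `sanitize` helper, the policy functions, the `[redacted]` placeholder and the sample environment are hypothetical and constructed; names that are not kept are retained with the placeholder rather than omitted.

```go
package main

import (
	"fmt"
	"strings"
)

const redacted = "[redacted]" // placeholder chosen for this example

// sampleEnv is a constructed agent environment; names and values are invented.
var sampleEnv = map[string]string{
	"OIDC_ACCESS_TOKEN": "constructed-secret-1",
	"DB_DSN":            "postgres://app:constructed-secret-2@db/app",
	"EDITOR":            "vim",
}

// sanitize copies env, keeping a value only where keep(name) returns true.
func sanitize(env map[string]string, keep func(name string) bool) map[string]string {
	out := make(map[string]string, len(env))
	for k, v := range env {
		out[k] = redacted
		if keep(k) {
			out[k] = v
		}
	}
	return out
}

// denylist keeps every value unless the name contains a known-sensitive marker.
func denylist(name string) bool {
	for _, m := range []string{"TOKEN", "SECRET", "PASSWORD"} {
		if strings.Contains(strings.ToUpper(name), m) {
			return false
		}
	}
	return true
}

// allowlist keeps values only for names explicitly known to be safe.
func allowlist(name string) bool { return name == "EDITOR" }

// scrubAll keeps no values: the bundle shows which names were set, nothing more.
func scrubAll(string) bool { return false }

func main() {
	fmt.Println("denylist: ", sanitize(sampleEnv, denylist)) // DB_DSN credential survives
	fmt.Println("allowlist:", sanitize(sampleEnv, allowlist))
	fmt.Println("scrub all:", sanitize(sampleEnv, scrubAll))
}
```

The denylist fails open for any secret whose name it does not anticipate (here `DB_DSN`), while the allowlist and scrub-all policies fail closed when a new variable appears.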

@johnstcn johnstcn requested review from mtojek and dannykopping March 12, 2024 14:27
@johnstcn johnstcn force-pushed the cj/support-sanitize-env branch from dc33666 to 06c2ac6 Compare March 12, 2024 14:35
Contributor

@dannykopping dannykopping left a comment

LGTM

Member

@mtojek mtojek left a comment

👍

@johnstcn johnstcn force-pushed the cj/support-sanitize-env branch from 06c2ac6 to e13e5b3 Compare March 12, 2024 15:10
@johnstcn johnstcn merged commit 47cb584 into main Mar 12, 2024
@johnstcn johnstcn deleted the cj/support-sanitize-env branch March 12, 2024 15:23
@github-actions github-actions bot locked and limited conversation to collaborators Mar 12, 2024
4 participants