ansible

devel

stable-2.16

stable-2.17

milestone

stable-2.15

stable-2.14

stable-2.12

stable-2.13

stable-2.9

stable-2.11

stable-2.3

stable-2.10

stable-2.8

stable-2.4

stable-2.5

stable-2.6

stable-2.7

temp-2.10-devel

mazer_role_loader

stable-2.2

threading_plus_forking

threading_instead_of_forking

stable-2.1

stable-1.9

stable-2.0

stable-2.0.0.1

stable-2.0-network

release1.8.4

release1.8.3

release1.8.2

release1.8.1

release1.8.0

release1.7.2

release1.7.1

release1.7.0

release1.6.8

release1.6.10

release1.6.9

release1.6.7

release1.6.6

release1.6.5

release1.6.4

release1.6.3

release1.6.2

release1.6.1

release1.6.0

release1.5.5

release1.5.4

release1.5.3

release1.5.2

release1.5.1

release1.5.0

v2.14.3

v2.13.8

v2.14.3rc1

v2.13.8rc1

v2.14.2

v2.14.2rc1

v2.14.1

v2.13.7

v2.13.7rc1

v2.14.1rc1

v2.13.6

v2.14.0

v2.14.0rc2

v2.13.6rc1

v2.14.0rc1

v2.14.0b3

v2.13.5

v2.12.10

v2.14.0b2

v2.13.5rc1

v2.12.10rc1

v2.14.0b1

v2.12.9

v2.13.4

v2.13.4rc1

v2.12.9rc1

v2.13.3

v2.12.8

v2.12.8rc1

v2.13.3rc1

v2.13.2

v2.13.2rc1

v2.12.7

v2.13.1

v2.12.7rc1

v2.13.1rc1

v2.12.6

v2.11.12

v2.12.6rc1

v2.11.12rc1

v2.13.0

v2.13.0rc1

v2.13.0b1

v2.12.5

v2.11.11

v2.12.5rc1

v2.11.11rc1

v2.13.0b0

v2.12.4

v2.11.10

v2.12.4rc1

v2.11.10rc1

v2.11.9

v2.12.3

v2.12.3rc1

v2.11.9rc1

v2.12.2

v2.11.8

v2.10.17

v2.12.2rc1

v2.11.8rc1

v2.10.17rc1

v2.12.1

v2.11.7

v2.10.16

v2.10.16rc1

v2.11.7rc1

v2.12.1rc1

v2.12.0

v2.12.0rc1

v2.12.0b2

v2.11.6

v2.10.15

v2.9.27

v2.9.27rc1

v2.10.15rc1

v2.11.6rc1

v2.12.0b1

v2.11.5

v2.10.14

v2.9.26

v2.11.5rc1

v2.10.14rc1

v2.9.26rc1

v2.11.4

v2.10.13

v2.9.25

v2.9.25rc1

v2.10.13rc1

v2.11.4rc1

v2.11.3

v2.10.12

v2.9.24

v2.11.3rc1

v2.10.12rc1

v2.9.24rc1

v2.9.23

v2.10.11

v2.11.2

v2.11.2rc1

v2.10.11rc1

v2.9.23rc1

v2.11.1

v2.10.10

v2.9.22

v2.9.22rc1

v2.10.10rc1

v2.11.1rc1

v2.10.9

v2.9.21

v2.10.9rc1

v2.9.21rc1

v2.11.0

v2.8.20

v2.9.20

v2.10.8

v2.11.0rc2

v2.8.20rc1

v2.9.20rc1

v2.10.8rc1

v2.11.0rc1

stable-2.11-branchpoint

v2.11.0b4

v2.11.0b3

v2.11.0b2

v2.10.7

v2.9.19

v2.10.7rc1

v2.9.19rc1

v2.11.0b1

v2.8.19

v2.9.18

v2.10.6

v2.8.19rc1

v2.9.18rc1

v2.10.6rc1

v2.9.17

v2.10.5

v2.10.5rc1

v2.9.17rc1

v2.8.18

v2.9.16

v2.10.4

v2.8.18rc1

v2.9.16rc1

v2.10.4rc1

v2.8.17

v2.9.15

v2.10.3

v2.8.17rc1

v2.9.15rc1

v2.10.3rc1

v2.10.2

v2.9.14

v2.8.16

v2.8.16rc1

v2.9.14rc1

v2.10.2rc1

v2.10.1

v2.10.1rc3

v2.10.1rc2

v2.8.15

v2.9.13

v2.10.0

v2.9.12

v2.8.14

v2.10.0rc4

v2.10.0rc3

v2.10.0rc2

v2.10.0rc1

v2.9.11

v2.8.13

v2.9.10

v2.10.0b1

stable-2.10-branchpoint

v2.9.9

v2.7.18

v2.8.12

v2.9.8

v2.9.7

v2.8.11

v2.7.17

pre-ansible-base

v2.8.10

v2.8.9

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.8.8

v2.7.16

v2.9.2

v2.9.1

v2.8.7

v2.7.15

v2.9.0

v2.9.0rc5

v2.8.6

v2.7.14

v2.9.0rc4

v2.6.20

v2.9.0rc3

v2.9.0rc2

v2.9.0rc1

v2.8.5

v2.9.0b1

stable-2.9-branchpoint

v2.6.19

v2.7.13

v2.8.4

v2.8.3

v2.6.18

v2.7.12

v2.8.2

v2.8.1

v2.7.11

v2.6.17

v2.8.0

v2.8.0rc3

v2.8.0rc2

v2.8.0rc1

v2.8.0b1

v2.8.0a1

v2.6.16

v2.7.10

v2.6.15

v2.7.9

v2.7.8

v2.6.14

v2.5.15

v2.7.7

v2.6.13

v2.6.12

v2.7.6

v2.5.14

v2.7.5

v2.6.11

v2.6.10

v2.7.4

v2.5.13

v2.7.3

v2.6.9

v2.5.12

v2.6.8

v2.7.2

v2.6.7

v2.5.11

v2.7.1

v2.6.6

v2.7.0

v2.6.5

v2.7.0rc4

v2.5.10

v2.7.0rc3

v2.7.0rc2

v2.5.9

v2.6.4

v2.7.0rc1

v2.7.0b1

v2.7.0.a1

v2.6.3

v2.5.8

v2.6.2

v2.5.7

v2.6.1

v2.5.6

v2.4.6.0-1

v2.6.0

v2.6.0rc5

v2.6.0rc4

v2.4.5.0-1

v2.6.0rc3

v2.5.5

v2.4.5.0-0.1.rc1

v2.6.0rc2

v2.6.0rc1

v2.5.4

v2.6.0a2

v2.6.0a1

v2.5.3

v2.5.2

v2.5.1

v2.4.4.0-1

v2.4.4.0-0.3.rc2

v2.5.0

v2.5.0rc3

v2.5.0rc2

v2.4.4-0.2.rc1

v2.3.4.0-0.1.rc1

v2.5.0rc1

v2.4.4-0.1.beta1

v2.5.0b1

v2.5.0a1

v2.4.3.0-1

v2.4.3.0-0.6.rc3

v2.4.3.0-0.5.rc2

v2.4.3.0-0.4.rc1

v2.4.3-0.3.beta3

v2.4.3.0-0.2.beta2

v2.3.3.0-1

v2.4.3.0-0.1.beta1

v2.4.2.0-1

v2.4.2.0-0.5.rc1

v2.4.2.0-0.4.beta4

v2.3.3.0-0.3.rc3

v2.4.2.0-0.3.beta3

v2.4.2.0-0.2.beta2

v2.4.2.0-0.1.beta1

v2.4.1.0-1

v2.4.1.0-0.4.rc2

v2.3.3.0-0.2.rc2

v2.4.1.0-0.3.rc1

v2.4.1.0-0.2.beta2

v2.3.3.0-0.1.rc1

v2.4.1.0-0.1.beta1

v2.4.0.0-1

v2.4.0.0-0.5.rc5

v2.4.0.0-0.4.rc4

v2.4.0.0-0.3.rc3

v2.4.0.0-0.2.rc2

v2.4.0.0-0.1.rc1

v2.3.2.0-1

v2.3.2.0-0.5.rc5

v2.3.2.0-0.4.rc4

v2.3.2.0-0.3.rc3

v2.3.2.0-0.2.rc2

v2.3.2.0-0.1.rc1

v2.1.6.0-1

v2.3.1.0-1

v2.3.1.0-0.2.rc2

v2.2.3.0-1

v2.1.6.0-0.1.rc1

v2.3.1.0-0.1.rc1

v2.3.0.0-1

v2.3.0.0-0.6.rc6

v2.3.0.0-0.5.rc5

v2.3.0.0-0.4.rc4

v2.2.3.0-0.1.rc1

v2.3.0.0-0.3.rc3

v2.3.0.0-0.2.rc2

v2.2.2.0-1

v2.1.5.0-1

v2.3.0.0-0.1.rc1

v2.1.5.0-0.2.rc2

v2.2.2.0-0.2.rc2

v2.1.5.0-0.1.rc1

v2.2.2.0-0.1.rc1

v2.1.4.0-1

v2.2.1.0-1

v2.1.4.0-0.3.rc3

v2.2.1.0-0.5.rc5

v2.1.4.0-0.2.rc2

v2.2.1.0-0.4.rc4

v2.1.4.0-0.1.rc1

v2.2.1.0-0.3.rc3

v2.2.1.0-0.2.rc2

v2.2.1.0-0.1.rc1

v2.1.3.0-1

v2.2.0.0-1

v2.2.0.0-0.4.rc4

v2.1.3.0-0.3.rc3

v2.1.3.0-0.2.rc2

v2.2.0.0-0.3.rc3

v2.1.3.0-0.1.rc1

v2.2.0.0-0.2.rc2

v2.2.0.0-0.1.rc1

v2.1.2.0-1

v2.1.2.0-0.5.rc5

v2.1.2.0-0.4.rc4

v2.1.2.0-0.3.rc3

v2.1.2.0-0.2.rc2

v2.1.2.0-0.1.rc1

v2.1.1.0-1

v2.1.1.0-0.5.rc5

v2.1.1.0-0.4.rc4

v2.1.1.0-0.3.rc3

v2.1.1.0-0.2.rc2

v2.1.1.0-0.1.rc1

v2.1.0.0-1

v2.1.0.0-0.4.rc4

v2.1.0.0-0.2.rc2

v2.1.0.0-0.3.rc3

v2.1.0.0-0.1.rc1

v2.0.2.0-1

v1.9.6-1

v2.0.2.0-0.4.rc4

v2.0.2.0-0.3.rc3

v1.9.6-0.1.rc1

v2.0.2.0-0.2.rc2

v2.0.2.0-0.1.rc1

v1.9.5-1

v1.9.5-0.1.rc1

v2.0.1.0-1

v2.0.1.0-0.2.rc2

v2.0.1.0-0.1.rc1

v2.0.0.2-1

v2.0.0.1-1

v2.0.0.0-1

v2.0.0-0.9.rc4

v2.0.0-0.8.rc3

v2.0.0-0.7.rc2

v2.0.0-0.6.rc1

v2.0.0-0.5.beta3

v2.0.0-0.4.beta2

v1.9.4-1

v2.0.0-0.3.beta1

v1.9.4-0.3.rc3

v1.9.4-0.2.rc2

v1.9.4-0.1.rc1

v2.0.0-0.2.alpha2

v1.9.3-1

v2.0.0-0.1.alpha1

v1.9.3-0.3.rc3

v1.9.3-0.2.rc2

v1.9.3-0.1.rc1

v1.9.2-1

v1.9.2-0.2.rc2

v1_last

v1.9.2-0.1.rc1

v1.9.1-1

v1.9.1-0.4.rc4

v1.9.1-0.3.rc3

v1.9.1-0.2.rc2

v1.9.1-0.1.rc1

v1.9.0.1-1

v1.9.0-2

v1.9.0-1

v1.9.0-0.2.rc2

v1.9.0-0.1.rc1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.2

v1.7.1

v1.7.0

v1.6.10

v1.6.9

v1.6.8

v1.6.7

v1.6.6

v1.6.5

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2

v1.1

v1.0

0.8

0.7.2

0.7

0.6

0.5

0.4.1

0.4

0.3.1

0.3

0.01

0.0.1

0.0.2

0.7.1

v0.9

v2.13.10

v2.13.10rc1

v2.13.11

v2.13.11rc1

v2.13.12

v2.13.12rc1

v2.13.13

v2.13.13rc1

v2.13.9

v2.13.9rc1

v2.14.10

v2.14.10rc1

v2.14.11

v2.14.11rc1

v2.14.12

v2.14.12rc1

v2.14.13

v2.14.14

v2.14.14rc1

v2.14.15

v2.14.15rc1

v2.14.16

v2.14.16rc1

v2.14.17

v2.14.17rc1

v2.14.4

v2.14.4rc1

v2.14.5

v2.14.5rc1

v2.14.6

v2.14.6rc1

v2.14.7

v2.14.7rc1

v2.14.8

v2.14.8rc1

v2.14.9

v2.14.9rc1

v2.15.0

v2.15.0b1

v2.15.0b2

v2.15.0b3

v2.15.0rc1

v2.15.0rc2

v2.15.1

v2.15.10

v2.15.10rc1

v2.15.11

v2.15.11rc1

v2.15.12

v2.15.12rc1

v2.15.1rc1

v2.15.2

v2.15.2rc1

v2.15.3

v2.15.3rc1

v2.15.4

v2.15.4rc1

v2.15.5

v2.15.5rc1

v2.15.6

v2.15.6rc1

v2.15.7

v2.15.7rc1

v2.15.8

v2.15.9

v2.15.9rc1

v2.16.0

v2.16.0b1

v2.16.0b2

v2.16.0rc1

v2.16.1

v2.16.10

v2.16.10rc1

v2.16.1rc1

v2.16.2

v2.16.3

v2.16.3rc1

v2.16.4

v2.16.4rc1

v2.16.5

v2.16.5rc1

v2.16.6

v2.16.7

v2.16.7rc1

v2.16.8

v2.16.8rc1

v2.16.9

v2.16.9rc1

v2.17.0

v2.17.0b1

v2.17.0rc1

v2.17.0rc2

v2.17.1

v2.17.1rc1

v2.17.2

v2.17.2rc1

v2.17.2rc2

v2.17.3

v2.17.3rc1

v2.5.0b2

Commit Graph

Author	SHA1	Message	Date
Lihu Ben-Ezri-Ravin	48505af9d2	Remove filtering from edgeos_config module (#63362 ) The edgeos_config module had a list of commands to filter out to avoid load failures. This list had a single regular expression which caught commands that attempted to set pre-encrypted passwords. This behavior is undesirable for a few reasons. * It's poorly documented. The documentation makes cryptic mention of a return value that some commands might be filtered out, but offers no explanation as to what they are or why. * It's hard-coded. There's no way for the user to change or disable this functionality, rendering the commands caught by that expression completely unusable with the edgeos_config module. * The obvious workaround is unsafe. The filter catches passwords that are already encrypted, but is perfectly fine letting the user set plain-text passwords. EdgeOS will encrypt them upon commit, but this module encourages unsafe handling of secrets up to that point. * It's a security vulnerability if the user doesn't know about this behavior. While the module will warn if commands are filtered, the user won't know what got filtered out until after the fact, and may easily miss that warning if they are not vigilant. For something as sensitive as setting a password, it's not hard to imagine naive use of this module resulting in incorrect credentials being deployed. * It provides no discernible benefit. Using the module without filtering does not result in load failures. If those commands are indeed harmful for some reason on (old?) versions of EdgeOS, it should be incumbent upon the user to be scrupulous in what commands they issue, rather than the module maintaining a blacklist of possible ways the user might misuse their own system.	5 years ago

Author

SHA1

Message

Date

Lihu Ben-Ezri-Ravin

48505af9d2

Remove filtering from edgeos_config module (#63362 )

The edgeos_config module had a list of commands to filter out to avoid
load failures. This list had a single regular expression which caught
commands that attempted to set pre-encrypted passwords. This behavior is
undesirable for a few reasons.

* It's poorly documented. The documentation makes cryptic mention of a
  return value that some commands might be filtered out, but offers no
  explanation as to what they are or why.

* It's hard-coded. There's no way for the user to change or disable this
  functionality, rendering the commands caught by that expression
  completely unusable with the edgeos_config module.

* The obvious workaround is unsafe. The filter catches passwords that
  are already encrypted, but is perfectly fine letting the user set
  plain-text passwords. EdgeOS will encrypt them upon commit, but this
  module encourages unsafe handling of secrets up to that point.

* It's a security vulnerability if the user doesn't know about this
  behavior. While the module will warn if commands are filtered, the
  user won't know what got filtered out until after the fact, and may
  easily miss that warning if they are not vigilant. For something as
  sensitive as setting a password, it's not hard to imagine naive use of
  this module resulting in incorrect credentials being deployed.

* It provides no discernible benefit. Using the module without filtering
  does not result in load failures. If those commands are indeed harmful
  for some reason on (old?) versions of EdgeOS, it should be incumbent
  upon the user to be scrupulous in what commands they issue, rather
  than the module maintaining a blacklist of possible ways the user
  might misuse their own system.

1 Commits (652346ad5dab7ff90406b450a636c03c734fcee3)