Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide support script for adding new test subject #817

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Provide support script for adding new test subject #817

wants to merge 3 commits into from

Conversation

mbuechse
Copy link
Contributor

@mbuechse mbuechse commented Nov 8, 2024

Resolves #816

@mbuechse
Provide support script for adding new test subject
435b6a4 
Resolves #816

Signed-off-by: Matthias Büchse <[email protected]>
@mbuechse
amendment
be27f25 
Signed-off-by: Matthias Büchse <[email protected]>
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 8, 2024
View reviewed changes
Tests/add_subject.py
token = base64.b64encode(f"{subject}:{password}".encode('utf-8'))
hash_ = CRYPTCTX.hash(password)
with open(tokenfile_path, "wb") as fileobj:
fileobj.write(token)

Check failure

Code scanning / CodeQL

Clear-text storage of sensitive information High

This expression stores
sensitive data (password)
Loading
as clear text.

Copilot Autofix AI 8 days ago

To fix the problem, we need to ensure that the password is encrypted before being stored in the token file. We can use the cryptography library to encrypt the password before encoding it in base64 and writing it to the file. This will ensure that the password is not stored in clear text.

  1. Import the necessary modules from the cryptography library.
  2. Generate a key for encryption.
  3. Encrypt the password using the generated key.
  4. Encode the encrypted password in base64 and store it in the token file.
Suggested changeset 1
Tests/add_subject.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/Tests/add_subject.py b/Tests/add_subject.py
--- a/Tests/add_subject.py
+++ b/Tests/add_subject.py
@@ -8,2 +8,3 @@
 import base64
+from cryptography.fernet import Fernet
 import getpass
@@ -50,3 +51,6 @@
         print("No match. Try again...")
-    token = base64.b64encode(f"{subject}:{password}".encode('utf-8'))
+    key = Fernet.generate_key()
+    cipher_suite = Fernet(key)
+    encrypted_password = cipher_suite.encrypt(password.encode('utf-8'))
+    token = base64.b64encode(f"{subject}:{encrypted_password.decode('utf-8')}".encode('utf-8'))
     hash_ = CRYPTCTX.hash(password)
@@ -54,2 +58,4 @@
         fileobj.write(token)
+    fileobj.write(b'\n')
+    fileobj.write(key)
     print("Creating key file using `ssh-keygen`...")
EOF
@@ -8,2 +8,3 @@
import base64
from cryptography.fernet import Fernet
import getpass
@@ -50,3 +51,6 @@
print("No match. Try again...")
token = base64.b64encode(f"{subject}:{password}".encode('utf-8'))
key = Fernet.generate_key()
cipher_suite = Fernet(key)
encrypted_password = cipher_suite.encrypt(password.encode('utf-8'))
token = base64.b64encode(f"{subject}:{encrypted_password.decode('utf-8')}".encode('utf-8'))
hash_ = CRYPTCTX.hash(password)
@@ -54,2 +58,4 @@
fileobj.write(token)
fileobj.write(b'\n')
fileobj.write(key)
print("Creating key file using `ssh-keygen`...")
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Erm what? And the key? Where am I storing the key???

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without spending an hour to understand what's required here, I can not comment on this, sorry.
If we can avoid storing sensitive data in plaintext, we should of course. I have no idea whether or not that is possible without major effort. If we need to store it, we should adjust the permissions / umask to 0600 (rw-------).

@mbuechse
Acquiesce flake8
560fba3 
Signed-off-by: Matthias Büchse <[email protected]>
garloff
garloff reviewed Nov 8, 2024
View reviewed changes
Tests/add_subject.py
print(str(e), file=sys.stderr)
sys.exit(1)
except KeyboardInterrupt:
print("Interrupted", file=sys.stderr)
Copy link
Member

@garloff garloff Nov 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add sys.exit(128+signal.SIGINT) here?
(Needs an import signal then of course.)
This would make the exit code the same that you get if you did not catch the exception ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@garloff garloff garloff left review comments

@martinmo martinmo Awaiting requested review from martinmo

@gtema gtema Awaiting requested review from gtema

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature Request] Provide support scripts for parties interested in submitting test reports
2 participants
@mbuechse @garloff