IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: Test to check password leak in apache error log

Browse Source 
Host enrollment with OTP used to log the password in cleartext
to apache error log. This test ensures that the password should
not be log in cleartext.

related: https://pagure.io/freeipa/issue/8017

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Mohammad Rizwan Yusuf 2020-04-16 16:40:11 +05:30 committed by Rob Crittenden
parent 3a64ac08e1
commit 2c54609d73
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ipatests/test_integration/test_commands.py
View File

@ -523,6 +523,28 @@ class TestIPACommand(IntegrationTest):
raiseonerr=False) raiseonerr=False)
assert result.returncode == 0 assert result.returncode == 0
def test_cleartext_password_httpd_log(self):
"""Test to check password leak in apache error log
Host enrollment with OTP used to log the password in cleartext
to apache error log. This test ensures that the password should
not be log in cleartext.
related: https://pagure.io/freeipa/issue/8017
"""
hostname = 'test.{}'.format(self.master.domain.name)
passwd = 'Secret123'
self.master.run_command(['ipa', 'host-add', '--force',
hostname, '--password', passwd])
# remove added host i.e cleanup
self.master.run_command(['ipa', 'host-del', hostname])
result = self.master.run_command(['grep', hostname,
paths.VAR_LOG_HTTPD_ERROR])
assert passwd not in result.stdout_text
def test_change_selinuxusermaporder(self): def test_change_selinuxusermaporder(self):
""" """
An update file meant to ensure a more sane default was An update file meant to ensure a more sane default was