HomePhabricator

[land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by…

Description

[land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by subshells

Summary:
The caller provides their Conduit token so that land-bot can land the change as them.
Since this token is secret, we need to ensure it cannot be accidentally logged by subshells.

This also prevents malicious patches from stealing CONDUIT_TOKEN, though there's unlikely to
be a realizable attack vector here since the token is supplied by the caller in the first place.

Test Plan:
First, see D5930 for reference.

CONDUIT_TOKEN=my-secret-token ./land-patch --dry-run -r D5930

Pre-patch, observe this output in the log:

+ echo my-secret-token

Post-patch, observe this output in the log:

CONDUIT_TOKEN: unbound variable

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D5931

Details

Provenance
jasonbcoxAuthored on Apr 29 2020, 18:04
majcostaPushed on May 4 2020, 15:56
Reviewer
Restricted Project
Differential Revision
D5931: [land-bot] Fix a bug where the unencrypted CONDUIT_TOKEN could be logged by subshells
Parents
rSTAGINGeffcdf625e49: Clear mock time between tests
Branches
Unknown
Tags
Unknown
References
tag: phabricator/base/19404