Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: a more comprehensive env.denylist #24540

Merged
merged 6 commits into from
Nov 22, 2024
Merged

security: a more comprehensive env.denylist #24540

merged 6 commits into from
Nov 22, 2024

Conversation

pkazmierczak
Copy link
Contributor

@pkazmierczak pkazmierczak commented Nov 22, 2024
edited
Loading

Description

Our env.denylist should by default be more comprehensive.

Links

Internal reference: https://hashicorp.atlassian.net/browse/SECVULN-14555

Contributor Checklist

  • Changelog Entry If this PR changes user-facing behavior, please generate and add a
    changelog entry using the make cl command.
  • Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
    ensure regressions will be caught.
  • Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
    and job configuration, please update the Nomad website documentation to reflect this. Refer to
    the website README for docs guidelines. Please also consider whether the
    change requires notes within the upgrade guide.

Reviewer Checklist

  • Backport Labels Please add the correct backport labels as described by the internal
    backporting document.
  • Commit Type Ensure the correct merge method is selected which should be "squash and merge"
    in the majority of situations. The main exceptions are long-lived feature branches or merges where
    history should be preserved.
  • Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
    within the public repository.

@pkazmierczak pkazmierczak marked this pull request as ready for review November 22, 2024 15:28
@pkazmierczak pkazmierczak requested review from a team as code owners November 22, 2024 15:28
@pkazmierczak pkazmierczak self-assigned this Nov 22, 2024
@pkazmierczak pkazmierczak requested review from tgross and dduzgun-security and removed request for tgross November 22, 2024 15:28
@pkazmierczak pkazmierczak added backport/ent/1.7.x+ent Changes are backported to 1.7.x+ent backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/1.9.x backport to 1.9.x release line labels Nov 22, 2024
@pkazmierczak
Copy link
Contributor Author

Ugh, I only noticed https://github.com/hashicorp/nomad-enterprise/pull/1361 now 🤦‍♂️
Will take a look there and catch up on the discussion.

dduzgun-security
dduzgun-security approved these changes Nov 22, 2024
View reviewed changes
Copy link
Collaborator

@dduzgun-security dduzgun-security left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great 🙌

gulducat
gulducat approved these changes Nov 22, 2024
View reviewed changes
Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔐

website/content/docs/configuration/client.mdx Show resolved Hide resolved
command/agent/host/host_test.go Show resolved Hide resolved
.changelog/24540.txt Outdated Show resolved Hide resolved
@pkazmierczak pkazmierczak merged commit 368241d into main Nov 22, 2024
28 checks passed
@pkazmierczak pkazmierczak deleted the f-sensitive-env-vars branch November 22, 2024 17:54
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Nov 22, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gulducat gulducat gulducat approved these changes

@dduzgun-security dduzgun-security dduzgun-security approved these changes

Assignees

@pkazmierczak pkazmierczak

Labels
backport/ent/1.7.x+ent Changes are backported to 1.7.x+ent backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/1.9.x backport to 1.9.x release line
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pkazmierczak @gulducat @dduzgun-security