Do not send envVars in ServerInfo() (#4422)

Sending envVars along with access and secret
exposes the entire minio server's sensitive
information. This will be an unexpected
situation for all users.

If we need to check things such as whether
credentials are set through env, we should
have access only to that information,
not to the entire set of system envs.
Harshavardhana 2017-05-24 21:09:23 -07:00 committed by GitHub
parent 99ca8a2928
commit b78f6fbcc5
6 changed files with 40 additions and 25 deletions


@ -124,7 +124,7 @@ test: build
@echo "Done." @echo "Done."
coverage: build coverage: build
@echo -n "Running all coverage for minio: " @echo "Running all coverage for minio: "
@./buildscripts/go-coverage.sh @./buildscripts/go-coverage.sh
@echo "Done." @echo "Done."


@ -68,7 +68,7 @@ export default class Browse extends React.Component {
memory: res.MinioMemory, memory: res.MinioMemory,
platform: res.MinioPlatform, platform: res.MinioPlatform,
runtime: res.MinioRuntime, runtime: res.MinioRuntime,
envVars: res.MinioEnvVars info: res.MinioGlobalInfo
}) })
dispatch(actions.setServerInfo(serverInfo)) dispatch(actions.setServerInfo(serverInfo))
}) })


@ -34,23 +34,12 @@ class SettingsModal extends React.Component {
let accessKeyEnv = '' let accessKeyEnv = ''
let secretKeyEnv = '' let secretKeyEnv = ''
// Check environment variables first. They may or may not have been // Check environment variables first.
// loaded already; they load in Browse#componentDidMount. if (serverInfo.info.isEnvCreds) {
if (serverInfo.envVars) {
serverInfo.envVars.forEach(envVar => {
let keyVal = envVar.split('=')
if (keyVal[0] == 'MINIO_ACCESS_KEY') {
accessKeyEnv = keyVal[1]
} else if (keyVal[0] == 'MINIO_SECRET_KEY') {
secretKeyEnv = keyVal[1]
}
})
}
if (accessKeyEnv != '' || secretKeyEnv != '') {
dispatch(actions.setSettings({ dispatch(actions.setSettings({
accessKey: accessKeyEnv, accessKey: 'xxxxxxxxx',
secretKey: secretKeyEnv, secretKey: 'xxxxxxxxx',
keysReadOnly: true keysReadOnly: true
})) }))
} else { } else {
web.GetAuth() web.GetAuth()
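Review bot: `serverInfo.info.isEnvCreds` is dereferenced without checking that `serverInfo.info` exists, whereas the replaced code guarded with `if (serverInfo.envVars)` and its comment said the values load in Browse#componentDidMount and may not be present yet. If the modal can run before that load completes, this line would throw instead of falling through to `web.GetAuth()`; a guard such as `if (serverInfo.info && serverInfo.info.isEnvCreds) {` keeps the old tolerance. The `accessKeyEnv` and `secretKeyEnv` declarations at the top of the hunk look unused after this change and could be dropped. The enclosing method starts and ends outside the hunk.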


@ -64,6 +64,7 @@ var (
// This flag is set to 'true' by default // This flag is set to 'true' by default
globalIsBrowserEnabled = true globalIsBrowserEnabled = true
// This flag is set to 'true' when MINIO_BROWSER env is set. // This flag is set to 'true' when MINIO_BROWSER env is set.
globalIsEnvBrowser = false globalIsEnvBrowser = false
@ -72,6 +73,7 @@ var (
// This flag is set to 'true' wen MINIO_REGION env is set. // This flag is set to 'true' wen MINIO_REGION env is set.
globalIsEnvRegion = false globalIsEnvRegion = false
// This flag is set to 'us-east-1' by default // This flag is set to 'us-east-1' by default
globalServerRegion = globalMinioDefaultRegion globalServerRegion = globalMinioDefaultRegion
@ -128,3 +130,23 @@ var (
colorBold = color.New(color.Bold).SprintFunc() colorBold = color.New(color.Bold).SprintFunc()
colorBlue = color.New(color.FgBlue).SprintfFunc() colorBlue = color.New(color.FgBlue).SprintfFunc()
) )
// Returns minio global information, as a key value map.
// returned list of global values is not an exhaustive
// list. Feel free to add new relevant fields.
func getGlobalInfo() (globalInfo map[string]interface{}) {
globalInfo = map[string]interface{}{
"isDistXL": globalIsDistXL,
"isXL": globalIsXL,
"isBrowserEnabled": globalIsBrowserEnabled,
"isEnvBrowser": globalIsEnvBrowser,
"isEnvCreds": globalIsEnvCreds,
"isEnvRegion": globalIsEnvRegion,
"isSSL": globalIsSSL,
"serverRegion": globalServerRegion,
"serverUserAgent": globalServerUserAgent,
// Add more relevant global settings here.
}
return globalInfo
}
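Review bot: The doc comment on getGlobalInfo invites new fields without saying that the map is copied into the ServerInfo web reply (the handler change in this commit assigns it to `reply.MinioGlobalInfo`), so anything added here reaches the browser. I would state that boundary in the comment, for example `// getGlobalInfo returns global settings that ServerInfo sends to web clients; never add credentials, keys or raw environment values here.` The inline `// Add more relevant global settings here.` could carry the same caveat so the next contributor sees it at the point of edit.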


@ -50,12 +50,12 @@ type WebGenericRep struct {
// ServerInfoRep - server info reply. // ServerInfoRep - server info reply.
type ServerInfoRep struct { type ServerInfoRep struct {
MinioVersion string MinioVersion string
MinioMemory string MinioMemory string
MinioPlatform string MinioPlatform string
MinioRuntime string MinioRuntime string
MinioEnvVars []string MinioGlobalInfo map[string]interface{}
UIVersion string `json:"uiVersion"` UIVersion string `json:"uiVersion"`
} }
// ServerInfo - get server info. // ServerInfo - get server info.
@ -80,8 +80,8 @@ func (web *webAPIHandlers) ServerInfo(r *http.Request, args *WebGenericArgs, rep
runtime.GOARCH) runtime.GOARCH)
goruntime := fmt.Sprintf("Version: %s | CPUs: %s", runtime.Version(), strconv.Itoa(runtime.NumCPU())) goruntime := fmt.Sprintf("Version: %s | CPUs: %s", runtime.Version(), strconv.Itoa(runtime.NumCPU()))
reply.MinioEnvVars = os.Environ()
reply.MinioVersion = Version reply.MinioVersion = Version
reply.MinioGlobalInfo = getGlobalInfo()
reply.MinioMemory = mem reply.MinioMemory = mem
reply.MinioPlatform = platform reply.MinioPlatform = platform
reply.MinioRuntime = goruntime reply.MinioRuntime = goruntime
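Review bot: `MinioGlobalInfo map[string]interface{}` in ServerInfoRep leaves the reply schema open, so the set of values exposed to the client is decided by whatever getGlobalInfo() returns rather than by this type. The browser code visible in this commit reads only `info.isEnvCreds`; a typed field such as `MinioIsEnvCreds bool`, or a small struct with named fields, would make each exposed value an explicit and reviewable addition. The ServerInfo body starts and ends outside the second hunk, so whether the caller is authenticated before the reply is filled cannot be confirmed from here.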


@ -236,6 +236,10 @@ func testServerInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
if serverInfoReply.MinioVersion != Version { if serverInfoReply.MinioVersion != Version {
t.Fatalf("Cannot get minio version from server info handler") t.Fatalf("Cannot get minio version from server info handler")
} }
globalInfo := getGlobalInfo()
if !reflect.DeepEqual(serverInfoReply.MinioGlobalInfo, globalInfo) {
t.Fatalf("Global info did not match got %#v, expected %#v", serverInfoReply.MinioGlobalInfo, globalInfo)
}
} }
// Wrapper for calling MakeBucket Web Handler // Wrapper for calling MakeBucket Web Handler
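Review bot: The added assertion only checks that the reply mirrors getGlobalInfo(), so it would still pass if a secret were later added to that map. A regression check for what this commit is fixing would also assert that nothing sensitive comes back, for example `for k, v := range serverInfoReply.MinioGlobalInfo { if v == secretKey { t.Fatalf("%s exposes the secret key", k) } }`, where `secretKey` is a placeholder for however this test obtains the configured credentials (not visible in the hunk). The test function begins outside the hunk.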