mirror of
https://github.com/minio/minio.git
synced 2025-01-11 15:03:22 -05:00
Do not send envVars in ServerInfo() (#4422)
Sending envVars along with access and secret exposes the entire minio server's sensitive information. This will be an unexpected situation for all users. If at all we need to look for things like if credentials are set through env, we should only have access to only this information not the entire set of system envs.
This commit is contained in:
parent
99ca8a2928
commit
b78f6fbcc5
2
Makefile
2
Makefile
@ -124,7 +124,7 @@ test: build
|
||||
@echo "Done."
|
||||
|
||||
coverage: build
|
||||
@echo -n "Running all coverage for minio: "
|
||||
@echo "Running all coverage for minio: "
|
||||
@./buildscripts/go-coverage.sh
|
||||
@echo "Done."
|
||||
|
||||
|
@ -68,7 +68,7 @@ export default class Browse extends React.Component {
|
||||
memory: res.MinioMemory,
|
||||
platform: res.MinioPlatform,
|
||||
runtime: res.MinioRuntime,
|
||||
envVars: res.MinioEnvVars
|
||||
info: res.MinioGlobalInfo
|
||||
})
|
||||
dispatch(actions.setServerInfo(serverInfo))
|
||||
})
|
||||
|
@ -34,22 +34,11 @@ class SettingsModal extends React.Component {
|
||||
|
||||
let accessKeyEnv = ''
|
||||
let secretKeyEnv = ''
|
||||
// Check environment variables first. They may or may not have been
|
||||
// loaded already; they load in Browse#componentDidMount.
|
||||
if (serverInfo.envVars) {
|
||||
serverInfo.envVars.forEach(envVar => {
|
||||
let keyVal = envVar.split('=')
|
||||
if (keyVal[0] == 'MINIO_ACCESS_KEY') {
|
||||
accessKeyEnv = keyVal[1]
|
||||
} else if (keyVal[0] == 'MINIO_SECRET_KEY') {
|
||||
secretKeyEnv = keyVal[1]
|
||||
}
|
||||
})
|
||||
}
|
||||
if (accessKeyEnv != '' || secretKeyEnv != '') {
|
||||
// Check environment variables first.
|
||||
if (serverInfo.info.isEnvCreds) {
|
||||
dispatch(actions.setSettings({
|
||||
accessKey: accessKeyEnv,
|
||||
secretKey: secretKeyEnv,
|
||||
accessKey: 'xxxxxxxxx',
|
||||
secretKey: 'xxxxxxxxx',
|
||||
keysReadOnly: true
|
||||
}))
|
||||
} else {
|
||||
|
@ -64,6 +64,7 @@ var (
|
||||
|
||||
// This flag is set to 'true' by default
|
||||
globalIsBrowserEnabled = true
|
||||
|
||||
// This flag is set to 'true' when MINIO_BROWSER env is set.
|
||||
globalIsEnvBrowser = false
|
||||
|
||||
@ -72,6 +73,7 @@ var (
|
||||
|
||||
// This flag is set to 'true' wen MINIO_REGION env is set.
|
||||
globalIsEnvRegion = false
|
||||
|
||||
// This flag is set to 'us-east-1' by default
|
||||
globalServerRegion = globalMinioDefaultRegion
|
||||
|
||||
@ -128,3 +130,23 @@ var (
|
||||
colorBold = color.New(color.Bold).SprintFunc()
|
||||
colorBlue = color.New(color.FgBlue).SprintfFunc()
|
||||
)
|
||||
|
||||
// Returns minio global information, as a key value map.
|
||||
// returned list of global values is not an exhaustive
|
||||
// list. Feel free to add new relevant fields.
|
||||
func getGlobalInfo() (globalInfo map[string]interface{}) {
|
||||
globalInfo = map[string]interface{}{
|
||||
"isDistXL": globalIsDistXL,
|
||||
"isXL": globalIsXL,
|
||||
"isBrowserEnabled": globalIsBrowserEnabled,
|
||||
"isEnvBrowser": globalIsEnvBrowser,
|
||||
"isEnvCreds": globalIsEnvCreds,
|
||||
"isEnvRegion": globalIsEnvRegion,
|
||||
"isSSL": globalIsSSL,
|
||||
"serverRegion": globalServerRegion,
|
||||
"serverUserAgent": globalServerUserAgent,
|
||||
// Add more relevant global settings here.
|
||||
}
|
||||
|
||||
return globalInfo
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ type ServerInfoRep struct {
|
||||
MinioMemory string
|
||||
MinioPlatform string
|
||||
MinioRuntime string
|
||||
MinioEnvVars []string
|
||||
MinioGlobalInfo map[string]interface{}
|
||||
UIVersion string `json:"uiVersion"`
|
||||
}
|
||||
|
||||
@ -80,8 +80,8 @@ func (web *webAPIHandlers) ServerInfo(r *http.Request, args *WebGenericArgs, rep
|
||||
runtime.GOARCH)
|
||||
goruntime := fmt.Sprintf("Version: %s | CPUs: %s", runtime.Version(), strconv.Itoa(runtime.NumCPU()))
|
||||
|
||||
reply.MinioEnvVars = os.Environ()
|
||||
reply.MinioVersion = Version
|
||||
reply.MinioGlobalInfo = getGlobalInfo()
|
||||
reply.MinioMemory = mem
|
||||
reply.MinioPlatform = platform
|
||||
reply.MinioRuntime = goruntime
|
||||
|
@ -236,6 +236,10 @@ func testServerInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
|
||||
if serverInfoReply.MinioVersion != Version {
|
||||
t.Fatalf("Cannot get minio version from server info handler")
|
||||
}
|
||||
globalInfo := getGlobalInfo()
|
||||
if !reflect.DeepEqual(serverInfoReply.MinioGlobalInfo, globalInfo) {
|
||||
t.Fatalf("Global info did not match got %#v, expected %#v", serverInfoReply.MinioGlobalInfo, globalInfo)
|
||||
}
|
||||
}
|
||||
|
||||
// Wrapper for calling MakeBucket Web Handler
|
||||
|
Loading…
Reference in New Issue
Block a user