forked from pool/cloud-init
Robert Schweikert
6b35b75868
+ Add hidesensitivedata + Add cloud-init-cve-2023-1786-redact-inst-data.patch + Do not expose sensitive data gathered from the CSP OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/cloud-init?expand=0&rev=207
37 lines
853 B
Python
37 lines
853 B
Python
#!/usr/bin/python3
|
|
|
|
import json
|
|
import os
|
|
import sys
|
|
|
|
from pathlib import Path
|
|
|
|
from cloudinit.atomic_helper import write_json
|
|
from cloudinit.sources import (
|
|
DataSource,
|
|
process_instance_metadata,
|
|
redact_sensitive_keys,
|
|
)
|
|
|
|
from cloudinit.stages import Init
|
|
|
|
init = Init()
|
|
log_file = init.cfg["def_log_file"]
|
|
if os.path.exists(log_file):
|
|
os.chmod(log_file, 0o640)
|
|
|
|
rundir = init.paths.run_dir
|
|
instance_data_path = Path(rundir, "instance-data.json")
|
|
if not os.path.exists(str(instance_data_path)):
|
|
sys.exit(0)
|
|
instance_json = json.load(instance_data_path.open(encoding="utf-8"))
|
|
|
|
sensitive_keys = DataSource.sensitive_metadata_keys
|
|
|
|
processed_json = process_instance_metadata(
|
|
instance_json, sensitive_keys=sensitive_keys
|
|
)
|
|
redacted_json = redact_sensitive_keys(processed_json)
|
|
|
|
write_json(str(instance_data_path), redacted_json)
|