python-terraform Security issue with credentials vars file leftover in /tmp/ folder

Security issue with credentials vars file leftover in /tmp/ folder

Open jayaprakashr88 opened this issue 5 years ago • 1 comments

Security issue with credentials vars file leftover in /tmp/ folder in case of error.

My environment details: Provider: OpenStack Terraform Server: 0.11.7 Python_terraform: 0.10.0

My Source Code:

    def terraform_plan(self):
        object_tf = Terraform(working_dir=self.path)
        ret_code, stdout, stderr = object_tf.plan(var={"username":"testuser","password":"xxxxx"}, var_file=vars_file)

With the above code, python terraform client creates a temporary vars file like /tmp/tmppsjFxp for the openstack credentials which gets missed to delete incase of error situation like incorrect working_dir or terraform_vars.tf is provided.

Aug 31 '18 10:08 jayaprakashr88

Thanks for this report, I will do some work around cleaning up tmp in the case of errors.

Jun 20 '19 20:06 Spikeophant

python-terraform python-terraform copied to clipboard

Security issue with credentials vars file leftover in /tmp/ folder

python-terraform
python-terraform copied to clipboard