ansible/CVE-2021-20191.patch

From 881fde464fd8065021fd2792708e6e44ede37523 Mon Sep 17 00:00:00 2001
From: NilashishC <nilashishchakraborty8@gmail.com>
Date: Sun, 17 Jan 2021 17:47:09 +0530
Subject: [PATCH] Enable no_log for sensitive parameters in argspec

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
---
 lib/ansible/modules/network/nxos/nxos_aaa_server.py    | 2 +-
 lib/ansible/modules/network/nxos/nxos_pim_interface.py | 2 +-
 lib/ansible/modules/network/nxos/nxos_snmp_user.py     | 2 +-
 lib/ansible/modules/network/nxos/nxos_vrrp.py          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/ansible/modules/network/nxos/nxos_aaa_server.py b/lib/ansible/modules/network/nxos/nxos_aaa_server.py
index 6d705a4..7f421d0 100644
--- a/lib/ansible/modules/network/nxos/nxos_aaa_server.py
+++ b/lib/ansible/modules/network/nxos/nxos_aaa_server.py
@@ -241,7 +241,7 @@ def default_aaa_server(existing, params, server_type):
 def main():
     argument_spec = dict(
         server_type=dict(type='str', choices=['radius', 'tacacs'], required=True),
-        global_key=dict(type='str'),
+        global_key=dict(type="str", no_log=True),
         encrypt_type=dict(type='str', choices=['0', '7']),
         deadtime=dict(type='str'),
         server_timeout=dict(type='str'),
diff --git a/lib/ansible/modules/network/nxos/nxos_pim_interface.py b/lib/ansible/modules/network/nxos/nxos_pim_interface.py
index fd2b17c..1b9bf0d 100644
--- a/lib/ansible/modules/network/nxos/nxos_pim_interface.py
+++ b/lib/ansible/modules/network/nxos/nxos_pim_interface.py
@@ -458,7 +458,7 @@ def main():
         interface=dict(required=True),
         sparse=dict(type='bool', default=False),
         dr_prio=dict(type='str'),
-        hello_auth_key=dict(type='str'),
+        hello_auth_key=dict(type="str", no_log=True),
         hello_interval=dict(type='int'),
         jp_policy_out=dict(type='str'),
         jp_policy_in=dict(type='str'),
diff --git a/lib/ansible/modules/network/nxos/nxos_snmp_user.py b/lib/ansible/modules/network/nxos/nxos_snmp_user.py
index 4264197..a9fcc43 100644
--- a/lib/ansible/modules/network/nxos/nxos_snmp_user.py
+++ b/lib/ansible/modules/network/nxos/nxos_snmp_user.py
@@ -245,7 +245,7 @@ def main():
     argument_spec = dict(
         user=dict(required=True, type='str'),
         group=dict(type='str'),
-        pwd=dict(type='str'),
+        pwd=dict(type="str", no_log=True),
         privacy=dict(type='str'),
         authentication=dict(choices=['md5', 'sha']),
         encrypt=dict(type='bool'),
diff --git a/lib/ansible/modules/network/nxos/nxos_vrrp.py b/lib/ansible/modules/network/nxos/nxos_vrrp.py
index b53386e..96593f7 100644
--- a/lib/ansible/modules/network/nxos/nxos_vrrp.py
+++ b/lib/ansible/modules/network/nxos/nxos_vrrp.py
@@ -319,7 +319,7 @@ def main():
         admin_state=dict(required=False, type='str',
                          choices=['shutdown', 'no shutdown'],
                          default='no shutdown'),
-        authentication=dict(required=False, type='str'),
+        authentication=dict(required=False, type="str", no_log=True),
         state=dict(choices=['absent', 'present'], required=False, default='present')
     )
     argument_spec.update(nxos_argument_spec)
-- 
2.27.0