Remove credentials scrubbing from caching synced folders

Passwords are (and should) never stored be as part of folder data. I think there is also a case to be made about desensitizes information here can lead to leaking of credentials. For example if an exported folder is named "vagrant" and the users password is "vagrant", the synced_folder cache will show "****" in place of the folder name, indicating that it is also password.
2020-08-19 17:43:22 -05:00 · 2020-08-19 17:43:22 -05:00 · bb5d0e9c28
commit bb5d0e9c28
parent 27b37ea838
2 changed files with 0 additions and 34 deletions
--- a/lib/vagrant/action/builtin/mixin_synced_folders.rb
+++ b/lib/vagrant/action/builtin/mixin_synced_folders.rb
@ -99,10 +99,6 @@ module Vagrant

          folder_data = JSON.dump(folders)

-          # Scrub any register credentials from the synced folders
-          # configuration data to prevent accidental leakage
-          folder_data = Util::CredentialScrubber.desensitize(folder_data)
-
          machine.data_dir.join("synced_folders").open("w") do |f|
            f.write(folder_data)
          end
--- a/test/unit/vagrant/action/builtin/mixin_synced_folders_test.rb
+++ b/test/unit/vagrant/action/builtin/mixin_synced_folders_test.rb
@ -273,11 +273,6 @@ describe Vagrant::Action::Builtin::MixinSyncedFolders do
      subject.save_synced_folders(machine, folders, options)
    end

-    it "should call credential scrubber before writing file" do
-      expect(Vagrant::Util::CredentialScrubber).to receive(:desensitize).and_call_original
-      subject.save_synced_folders(machine, folders, options)
-    end
-
    context "when folder data is defined" do
      let(:folders) {
        {"root" => {
@ -288,31 +283,6 @@ describe Vagrant::Action::Builtin::MixinSyncedFolders do
        expect(output_file).to receive(:write).with(JSON.dump(folders))
        subject.save_synced_folders(machine, folders, options)
      end
-
-      context "when folder data configuration includes sensitive data" do
-        let(:password) { "VAGRANT_TEST_PASSWORD" }
-
-        before do
-          folders["root"][:folder_password] = password
-          Vagrant::Util::CredentialScrubber.sensitive(password)
-        end
-
-        after { Vagrant::Util::CredentialScrubber.unsensitive(password) }
-
-        it "should not include password when writing file" do
-          expect(output_file).to receive(:write) do |content|
-            expect(content).not_to include(password)
-          end
-          subject.save_synced_folders(machine, folders, options)
-        end
-
-        it "should mask password content when writing file" do
-          expect(output_file).to receive(:write) do |content|
-            expect(content).to include(Vagrant::Util::CredentialScrubber::REPLACEMENT_TEXT)
-          end
-          subject.save_synced_folders(machine, folders, options)
-        end
-      end
    end
  end