From bb5d0e9c288a4170a61384a9afbdb3f7abb6c653 Mon Sep 17 00:00:00 2001
From: sophia
Date: Wed, 19 Aug 2020 17:43:22 -0500
Subject: [PATCH] Remove credentials scrubbing from caching synced folders
Passwords are (and should) never stored be as part of folder data. I think there is also a case to be made about desensitizes information here can lead to leaking of credentials. For example if an exported folder is named "vagrant" and the users password is "vagrant", the synced_folder cache will show "****" in place of the folder name, indicating that it is also password.
---
 .../action/builtin/mixin_synced_folders.rb | 4 ---
 .../builtin/mixin_synced_folders_test.rb | 30 -------------------
 2 files changed, 34 deletions(-)
diff --git a/lib/vagrant/action/builtin/mixin_synced_folders.rb b/lib/vagrant/action/builtin/mixin_synced_folders.rb
index 1209f5d69..4fa8dc453 100644
--- a/lib/vagrant/action/builtin/mixin_synced_folders.rb
+++ b/lib/vagrant/action/builtin/mixin_synced_folders.rb
@@ -99,10 +99,6 @@ module Vagrant
 folder_data = JSON.dump(folders)
- # Scrub any register credentials from the synced folders
- # configuration data to prevent accidental leakage
- folder_data = Util::CredentialScrubber.desensitize(folder_data)
-
 machine.data_dir.join("synced_folders").open("w") do |f|
 f.write(folder_data)
 end
diff --git a/test/unit/vagrant/action/builtin/mixin_synced_folders_test.rb b/test/unit/vagrant/action/builtin/mixin_synced_folders_test.rb
index e07223753..55ebc5924 100644
--- a/test/unit/vagrant/action/builtin/mixin_synced_folders_test.rb
+++ b/test/unit/vagrant/action/builtin/mixin_synced_folders_test.rb
@@ -273,11 +273,6 @@ describe Vagrant::Action::Builtin::MixinSyncedFolders do
 subject.save_synced_folders(machine, folders, options)
 end
- it "should call credential scrubber before writing file" do
- expect(Vagrant::Util::CredentialScrubber).to receive(:desensitize).and_call_original
- subject.save_synced_folders(machine, folders, options)
- end
-
 context "when folder data is defined" do
 let(:folders) { {"root" => {
@@ -288,31 +283,6 @@ describe Vagrant::Action::Builtin::MixinSyncedFolders do
 expect(output_file).to receive(:write).with(JSON.dump(folders))
 subject.save_synced_folders(machine, folders, options)
 end
-
- context "when folder data configuration includes sensitive data" do
- let(:password) { "VAGRANT_TEST_PASSWORD" }
-
- before do
- folders["root"][:folder_password] = password
- Vagrant::Util::CredentialScrubber.sensitive(password)
- end
-
- after { Vagrant::Util::CredentialScrubber.unsensitive(password) }
-
- it "should not include password when writing file" do
- expect(output_file).to receive(:write) do |content|
- expect(content).not_to include(password)
- end
- subject.save_synced_folders(machine, folders, options)
- end
-
- it "should mask password content when writing file" do
- expect(output_file).to receive(:write) do |content|
- expect(content).to include(Vagrant::Util::CredentialScrubber::REPLACEMENT_TEXT)
- end
- subject.save_synced_folders(machine, folders, options)
- end
- end
 end
 end