project.md: don't recommend type_password
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
parent
228b4bb70b
commit
cba16aa667
1 changed files with 1 additions and 0 deletions
@ -146,3 +146,4 @@ schemas/ # JSON schemas for FIF and openQA template formats
|
|||
## Security Concerns
|
||||
|
||||
- **Security not usually an issue**: These tests run on ephemeral VMs that have no private information and limited internal network access. Most variables in test code are derived from test settings defined in `templates.fif.json` or `templates-updates.fif.json`. Things like unquoted variables in shell commands are not usually a concern and should not usually be flagged. The only source of untrusted input to the tests is things accessed from the public internet during test execution.
|
||||
- **Do not recommend `type_password` for non-secret passwords**: Most passwords in these tests are not secure or secret, are only valid in the context of the test anyway, and are directly specified in the templates. Do not recommend using `type_password` to type them, it is pointless. `type_password` is intended only for rare cases where genuinely secret credentials are used in tests.
|
||||
|
|
|
|||
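Review bot: The added `type_password` bullet leaves "genuinely secret credentials" undefined, so a reader applying this guidance has no test for the rare case where `type_password` should still be recommended. The same sentence already gives the criterion for the common case (passwords "directly specified in the templates"), so consider stating the inverse explicitly, for example that a credential which is not defined in `templates.fif.json` or `templates-updates.fif.json` and is supplied from outside the repository counts as secret. As a style point in the same bullet, "to type them, it is pointless" is a comma splice; "to type them; it is pointless" or two sentences would read better.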