Don't log sensitive data in compute log file.

Sanitize run_instance's admin_password argument from nova.rpc 'received' debug logging. Fixes bug 915025. Sanitize new_pass from set_admin_password. Fixes bug 920687. Manually merged from: ccbc940 fa10e7a Change-Id: I3af8263f88ef2e68d5d7f6d8c4824737fffcf461
openstack · Feb 11, 2012 · 552a53d · 552a53d
1 parent d064c44
commit 552a53d
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 2 deletions.
diff --git a/Authors b/Authors
@@ -110,6 +110,7 @@ Ricardo Carrillo Cruz <emaildericky@gmail.com>
 Rick Clark <rick@openstack.org>
 Rick Harris <rconradharris@gmail.com>
 Rob Kost <kost@isi.edu>
+Russell Bryant <rbryant@redhat.com>
 Ryan Lane <rlane@wikimedia.org>
 Ryan Lucio <rlucio@internap.com>
 Ryu Ishimoto <ryu@midokura.jp>

diff --git a/nova/rpc/common.py b/nova/rpc/common.py
@@ -1,3 +1,5 @@
+import copy
+
 from nova import exception
 from nova import flags
 from nova import log as logging
@@ -27,3 +29,22 @@ def __init__(self, exc_type, value, traceback):
         super(RemoteError, self).__init__('%s %s\n%s' % (exc_type,
                                                          value,
                                                          traceback))
+
+
+def _safe_log(log_func, msg, msg_data):
+    """Sanitizes the msg_data field before logging."""
+    SANITIZE = {
+                'set_admin_password': ('new_pass',),
+                'run_instance': ('admin_password',),
+               }
+    method = msg_data['method']
+    if method in SANITIZE:
+        msg_data = copy.deepcopy(msg_data)
+        args_to_sanitize = SANITIZE[method]
+        for arg in args_to_sanitize:
+            try:
+                msg_data['args'][arg] = "<SANITIZED>"
+            except KeyError:
+                pass
+
+    return log_func(msg, msg_data)
diff --git a/nova/rpc/impl_carrot.py b/nova/rpc/impl_carrot.py
@@ -43,6 +43,7 @@
 from nova import exception
 from nova import fakerabbit
 from nova import flags
+import nova.rpc.common as rpc_common
 from nova.rpc.common import RemoteError, LOG
 
 # Needed for tests
@@ -252,7 +253,7 @@ def process_data(self, message_data, message):
         Example: {'method': 'echo', 'args': {'value': 42}}
 
         """
-        LOG.debug(_('received %s') % message_data)
+        rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
         # This will be popped off in _unpack_context
         msg_id = message_data.get('_msg_id', None)
         ctxt = _unpack_context(message_data)

diff --git a/nova/rpc/impl_kombu.py b/nova/rpc/impl_kombu.py
@@ -33,6 +33,7 @@
 from nova import context
 from nova import exception
 from nova import flags
+import nova.rpc.common as rpc_common
 from nova.rpc.common import RemoteError, LOG
 
 # Needed for tests
@@ -597,7 +598,7 @@ def __call__(self, message_data):
         Example: {'method': 'echo', 'args': {'value': 42}}
 
         """
-        LOG.debug(_('received %s') % message_data)
+        rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
         ctxt = _unpack_context(message_data)
         method = message_data.get('method')
         args = message_data.get('args', {})