
Do not log sensitive property value if JsonConfigurator fails to parse #11787

Merged (3 commits) on Oct 9, 2021

Conversation

@kfaraz (Contributor) commented Oct 8, 2021

Description

If a password or other sensitive information starting with a { or [ character
is specified as a property value, JsonConfigurator tries to parse it as a json
object and fails. The subsequent logs expose this sensitive information.

For example, a password starting with [ such as below

```
druid.escalator.internalClientPassword=[%thisisreallymypassword
```

would produce the following logs

```
2021-10-08T04:06:38,334 INFO [main] org.apache.druid.guice.JsonConfigurator - Unable to parse [druid.escalator.internalClientPassword]=[[%thisisreallymypassword] as a json object, using as is.
com.fasterxml.jackson.core.JsonParseException: Unexpected character ('%' (code 37)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
 at [Source: (String)"[%thisisreallymypassword"; line: 1, column: 3]
```

This PR avoids logging the property value as well as the exception message as these
might contain the sensitive information (e.g. password) which could not be parsed.


This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.
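The failure mode described in the PR, re-created as an added Python example (not Druid's own JsonConfigurator code): a configurator that tries to parse values beginning with `{` or `[` as JSON, shown both with the leaky log line (value and exception text included) and with the redacted form (key and exception type only), plus a helper that scans the captured log for the secret. The property names and password are constructed sample values.

```python
import json
import logging
from io import StringIO

# Constructed sample configuration: the password starts with '[' so a
# JSON-aware configurator will try (and fail) to parse it as JSON.
SAMPLE_PROPS = {
    "druid.escalator.internalClientPassword": "[%thisisreallymypassword",
    "druid.server.hosts": '["host-a", "host-b"]',
}


def parse_value(key, raw, log, redact=True):
    """Mimic the configurator: values starting with { or [ are tried as JSON;
    on failure the raw string is used as-is. redact=False reproduces the
    leaky log line (value plus exception text) that the PR removes."""
    if not raw.startswith(("{", "[")):
        return raw
    try:
        return json.loads(raw)
    except json.JSONDecodeError as e:
        if redact:
            # Log only the key and the exception type: the exception message
            # and its .doc attribute can both carry the unparsed secret.
            log.info("Unable to parse value of [%s] as a json object, "
                     "using as is (%s).", key, type(e).__name__)
        else:
            log.info("Unable to parse [%s]=[%s] as a json object, using as is.",
                     key, raw)
            log.info("%s at source %r", e, e.doc)
        return raw


def load_config(props, redact=True):
    """Parse every property; return (config dict, captured log text)."""
    buf = StringIO()
    log = logging.getLogger("configurator.redact=%s" % redact)
    log.propagate = False
    log.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    log.handlers = [handler]
    config = {k: parse_value(k, v, log, redact) for k, v in props.items()}
    handler.flush()
    log.removeHandler(handler)
    return config, buf.getvalue()


def log_leaks_secret(log_text, secret):
    """Detection check: does the captured log contain the secret verbatim?"""
    return secret in log_text
```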

@clintropolis (Member) left a comment:

👍

@clintropolis (Member):

Ah this is failing CI because of coverage. I think we can skip CI because this is just a log line being adjusted here.

@abhishekagarwal87 (Contributor):

CI failures are unrelated. Merging this PR. Thank you @kfaraz

@abhishekagarwal87 abhishekagarwal87 merged commit 7352c83 into apache:master Oct 9, 2021
gianm pushed a commit that referenced this pull request Dec 10, 2021
#11787)

* Do not log property value if JsonConfigurator fails to parse

* Add comment to explain log change

* Fix log language
@jihoonson jihoonson added this to the 0.22.1 milestone Dec 10, 2021
@kfaraz kfaraz deleted the hide_pass_config_parse branch August 1, 2023 04:51