Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

input/outputFilterSensitiveLog logs entire inputs and outputs of S3 object commands #6101

Closed
3 tasks done
carera opened this issue May 16, 2024 · 5 comments
Closed
3 tasks done

input/outputFilterSensitiveLog logs entire inputs and outputs of S3 object commands #6101

carera opened this issue May 16, 2024 · 5 comments
Labels
bug This issue is a bug. closed-for-staleness response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. service-api This issue is due to a problem in a service API, not the SDK implementation.

Comments

@carera
Copy link

carera commented May 16, 2024
edited

Checkboxes for prior research

Describe the bug

When for example s3Client is passed a logger, it will log absolutely everything, including input and output data. For example, if I try to upload a 20GB file to S3, it is also fully printed out via the logger.

SDK version number

@aws-sdk/client-s3@3.576.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v20.12.1

Reproduction Steps

Consider the following code:

import { PutObjectCommand, S3Client } from '@aws-sdk/client-s3';
import pino from 'pino';

const s3Config = {
  region,
  endpoint,
  logger: pino({ name: 'logger' }),
  forcePathStyle: true,
};
const client = new S3Client(s3Config);
client.send(
  new PutObjectCommand({
    Bucket: 'large-steps',
    Key: 'key',
    Body: new Uint8Array(Buffer.from('hello')),
  })
);

Observed Behavior

When ran, it prints out the contents of the body:

..."name":"logger","clientName":"S3Client","commandName":"PutObjectCommand","input":{"Bucket":"large-steps","Key":"key","Body":{"0":104,"1":101,"2":108,"3":108,"4":111}}...

Expected Behavior

I would expect the thing that has "filterSensitive" in its name to filter out sensitive data, such as the input data for PutObjectCommand

Possible Solution

The implementation for most is not doing much with the input/output Body contents. PUT specifically is for example

export const PutObjectRequestFilterSensitiveLog = (obj: PutObjectRequest): any => ({
  ...obj,
  ...(obj.SSECustomerKey && { SSECustomerKey: SENSITIVE_STRING }),
  ...(obj.SSEKMSKeyId && { SSEKMSKeyId: SENSITIVE_STRING }),
  ...(obj.SSEKMSEncryptionContext && { SSEKMSEncryptionContext: SENSITIVE_STRING }),
});

It doesn't seem to pay attention to the input/output Body contents, which IMHO should be scraped out:

export const PutObjectRequestFilterSensitiveLog = (obj: PutObjectRequest): any => ({
  ...obj,
  Body: SENSITIVE_STRING,
  ...(obj.SSECustomerKey && { SSECustomerKey: SENSITIVE_STRING }),
  ...(obj.SSEKMSKeyId && { SSEKMSKeyId: SENSITIVE_STRING }),
  ...(obj.SSEKMSEncryptionContext && { SSEKMSEncryptionContext: SENSITIVE_STRING }),
});

Additional Information/Context

Is this intended? I feel like this is not a very good behaviour for production usage, for two reasons:

  • this is effectively logging everything without attention to privacy concerns
  • this is effectively storing all the clients' S3 content not only into S3, but also into their logging solution (albeit in a bit unusable form)
@carera carera added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 16, 2024
@kuhe kuhe added the service-api This issue is due to a problem in a service API, not the SDK implementation. label May 21, 2024
@kuhe
Copy link
Contributor

kuhe commented May 21, 2024

This is not specific to the JavaScript SDK since the service (S3) has not marked the object bodies as sensitive.

@aBurmeseDev aBurmeseDev removed the needs-triage This issue or PR still needs to be triaged. label May 23, 2024
@aBurmeseDev
Copy link
Member

Hi @carera - thanks for reaching out. As previously mentioned above, there are service models from S3 with various traits, one of the traits is called sensitive: mark the field as sensitive. In this particular case, object body output has not been marked as sensitive by S3 which is why you're seeing these output. From SDK perspective, we're simply logging the fields passed by service models. Hope that makes sense.

Please reach out to S3 directly on AWS Support or I could submit an internal request on behalf if you'd like.
Best,
John

@aBurmeseDev aBurmeseDev added the response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. label May 23, 2024
@carera
Copy link
Author

carera commented May 28, 2024
edited

Hey, hey, thank you for your reply.

I understand your argument that object body is not officially marked as sensitive data, I could perhaps agree with this.

How about the argument that S3 objects can get ridiculously large (S3 is after all used for storing large objects)? Logging the entire object bodies feels wrong. Not only this inflates logs massively, but effectively turns our logging solution into a second S3 object storage, as the entire object bodies are streamed to both S3 as well as to whatever consumes the logs.

I'm, interesting in your opinion on this, @kuhe, @aBurmeseDev
Thank you!

@aBurmeseDev
Copy link
Member

I appreciate your response and agree with your statements. In this case, however, SDK doesn't have control over marking object bodies as sensitive, S3 does. Same goes for our other language SDKs, it will output the same because SDK would simply log the field passed down from upstream models.

Hope that makes sense!

@aBurmeseDev aBurmeseDev added the closing-soon This issue will automatically close in 4 days unless further comments are made. label May 28, 2024
@github-actions github-actions bot added closed-for-staleness and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 2, 2024
@github-actions github-actions bot closed this as completed Jun 2, 2024
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug This issue is a bug. closed-for-staleness response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. service-api This issue is due to a problem in a service API, not the SDK implementation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kuhe @carera @aBurmeseDev