New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cassandra 16669 4.0.0 #140
base: cassandra-4.0.0
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Large diffs are not rendered by default.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.apache.cassandra.cql3; | ||
|
||
/** | ||
* Obfuscates passwords in a given string | ||
*/ | ||
public class PasswordObfuscator | ||
{ | ||
public static final String OBFUSCATION_TOKEN = " *******"; | ||
private static final String PASSWORD_TOKEN = "password"; | ||
|
||
public String obfuscate(String sourceString) | ||
{ | ||
if (null == sourceString) | ||
return null; | ||
|
||
int passwordTokenStartIndex = sourceString.toLowerCase().indexOf(PASSWORD_TOKEN); | ||
if (passwordTokenStartIndex < 0) | ||
return sourceString; | ||
|
||
return sourceString.substring(0, passwordTokenStartIndex + PASSWORD_TOKEN.length()) + OBFUSCATION_TOKEN; | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -38,6 +38,7 @@ | |
import org.apache.cassandra.config.OverrideConfigurationLoader; | ||
import org.apache.cassandra.config.ParameterizedClass; | ||
import org.apache.cassandra.cql3.CQLTester; | ||
import org.apache.cassandra.cql3.PasswordObfuscator; | ||
import org.apache.cassandra.locator.InetAddressAndPort; | ||
import org.apache.cassandra.service.EmbeddedCassandraService; | ||
|
||
|
@@ -80,8 +81,8 @@ public static void setup() throws Exception | |
embedded.start(); | ||
|
||
executeWithCredentials( | ||
Arrays.asList(getCreateRoleCql(TEST_USER, true, false), | ||
getCreateRoleCql("testuser_nologin", false, false), | ||
Arrays.asList(getCreateRoleCql(TEST_USER, true, false, false), | ||
getCreateRoleCql("testuser_nologin", false, false, false), | ||
"CREATE KEYSPACE testks WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}", | ||
"CREATE TABLE testks.table1 (key text PRIMARY KEY, col1 int, col2 int)"), | ||
"cassandra", "cassandra", null); | ||
|
@@ -135,7 +136,7 @@ public void testCqlALTERRoleAuditing() | |
executeWithCredentials(Arrays.asList(cql), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS); | ||
assertTrue(getInMemAuditLogger().size() > 0); | ||
AuditLogEntry logEntry = getInMemAuditLogger().poll(); | ||
assertLogEntry(logEntry, AuditLogEntryType.ALTER_ROLE, cql, CASS_USER); | ||
assertLogEntry(logEntry, AuditLogEntryType.ALTER_ROLE, "ALTER ROLE " + TEST_ROLE + " WITH PASSWORD" + PasswordObfuscator.OBFUSCATION_TOKEN, CASS_USER); | ||
assertEquals(0, getInMemAuditLogger().size()); | ||
} | ||
|
||
|
@@ -274,19 +275,19 @@ private static void assertSource(AuditLogEntry logEntry, String username) | |
assertEquals(username, logEntry.getUser()); | ||
} | ||
|
||
private static String getCreateRoleCql(String role, boolean login, boolean superUser) | ||
private static String getCreateRoleCql(String role, boolean login, boolean superUser, boolean isPasswordObfuscated) | ||
{ | ||
return String.format("CREATE ROLE IF NOT EXISTS %s WITH LOGIN = %s AND SUPERUSER = %s AND PASSWORD = '%s'", | ||
role, login, superUser, TEST_PW); | ||
String baseQueryString = String.format("CREATE ROLE IF NOT EXISTS %s WITH LOGIN = %s AND SUPERUSER = %s AND PASSWORD", role, login, superUser); | ||
return isPasswordObfuscated ? baseQueryString + PasswordObfuscator.OBFUSCATION_TOKEN : baseQueryString + String.format(" = '%s'", TEST_PW); | ||
} | ||
|
||
private static void createTestRole() | ||
{ | ||
String createTestRoleCQL = getCreateRoleCql(TEST_ROLE, true, false); | ||
String createTestRoleCQL = getCreateRoleCql(TEST_ROLE, true, false, false); | ||
executeWithCredentials(Arrays.asList(createTestRoleCQL), CASS_USER, CASS_PW, AuditLogEntryType.LOGIN_SUCCESS); | ||
assertTrue(getInMemAuditLogger().size() > 0); | ||
AuditLogEntry logEntry = getInMemAuditLogger().poll(); | ||
assertLogEntry(logEntry, AuditLogEntryType.CREATE_ROLE, createTestRoleCQL, CASS_USER); | ||
assertLogEntry(logEntry, AuditLogEntryType.CREATE_ROLE, getCreateRoleCql(TEST_ROLE, true, false, true), CASS_USER); | ||
assertEquals(0, getInMemAuditLogger().size()); | ||
} | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is it possible to add a test case covering an invalid DCL statement, something that you identified in review? if it is already added, ignore my comment.
a rough test case that could cover this case
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: should we also add
and also failed to parse statements?