-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ensure Plugin#original_params is hides password fields #4952
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -53,7 +53,7 @@ def config_init(params) | |
# Keep a copy of the original config params so that we can later | ||
# differentiate between explicit configuration and implicit (default) | ||
# configuration. | ||
@original_params = params.clone | ||
original_params = params.clone | ||
|
||
# store the plugin type, turns LogStash::Inputs::Base into 'input' | ||
@plugin_type = self.class.ancestors.find { |a| a.name =~ /::Base$/ }.config_name | ||
|
@@ -142,6 +142,11 @@ def config_init(params) | |
instance_variable_set("@#{key}", value) | ||
end | ||
|
||
# now that we know the parameters are valid, we can obfuscate the original copy | ||
# of the parameters before storing them as an instance variable | ||
self.class.validate_check_parameter_values(original_params) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Isn't this actually doing the validation twice? I saw https://github.com/elastic/logstash/blob/master/logstash-core/lib/logstash/config/mixin.rb#L252-L265 that is basically the validation method. I know this fixes the problem, I'm just wondering here if we should have a diff method or some kind of alias that show we're actually running the change to hide the password. what do you think? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I struggled a bit with that, and I did a sample implementation of a method just to do that, but it's somewhat awkward and leads to some duplication of code. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am doing some testing for that, not sure if it could have some side effect in specific cases. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am OK with this fix event if we are actually validating twice the submitted values. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would say, we should add an issue to cleanup this deb, are you ok with On Thu, Mar 31, 2016 at 3:37 PM Pier-Hugues Pellerin <
|
||
@original_params = original_params | ||
|
||
@config = params | ||
end # def config_init | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about changing
obfuscate
tohide
when talking about security, obfuscate has this idea of security through obscurity, what do you think?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have feelings either way. imo, it's correct in the sense of english (it can mean blur, complicate, etc). as for security by obscurity..this is opensource :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @purbon , an obfuscation implies that something can be reversed (an obfuscated password is something like HTTP basic, where the pass is base64 encoded). This is hidden or masked. I think this is an important distinction to make here if someone is reading this for a security review.