ensure Plugin#original_params is hides password fields #4952
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -53,7 +53,7 @@ def config_init(params) | |
| # Keep a copy of the original config params so that we can later | ||
| # differentiate between explicit configuration and implicit (default) | ||
| # configuration. | ||
| original_params = params.clone | ||
|
|
||
| # store the plugin type, turns LogStash::Inputs::Base into 'input' | ||
| @plugin_type = self.class.ancestors.find { |a| a.name =~ /::Base$/ }.config_name | ||
|
|
@@ -142,6 +142,11 @@ def config_init(params) | |
| instance_variable_set("@#{key}", value) | ||
| end | ||
|
|
||
| # now that we know the parameters are valid, we can obfuscate the original copy | ||
| # of the parameters before storing them as an instance variable | ||
| self.class.validate_check_parameter_values(original_params) | ||
|
There was a problem hiding this comment. Isn't this actually doing the validation twice? I saw https://github.com/elastic/logstash/blob/master/logstash-core/lib/logstash/config/mixin.rb#L252-L265 that is basically the validation method. I know this fixes the problem, I'm just wondering here if we should have a diff method or some kind of alias that show we're actually running the change to hide the password. what do you think? There was a problem hiding this comment. I struggled a bit with that, and I did a sample implementation of a method just to do that, but it's somewhat awkward and leads to some duplication of code. There was a problem hiding this comment. I am doing some testing for that, not sure if it could have some side effect in specific cases. There was a problem hiding this comment. I am OK with this fix event if we are actually validating twice the submitted values. There was a problem hiding this comment. I would say, we should add an issue to cleanup this deb, are you ok with On Thu, Mar 31, 2016 at 3:37 PM Pier-Hugues Pellerin <
|
||
| @original_params = original_params | ||
|
|
||
| @config = params | ||
| end # def config_init | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about changing
obfuscatetohidewhen talking about security, obfuscate has this idea of security through obscurity, what do you think?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have feelings either way. imo, it's correct in the sense of english (it can mean blur, complicate, etc). as for security by obscurity..this is opensource :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @purbon , an obfuscation implies that something can be reversed (an obfuscated password is something like HTTP basic, where the pass is base64 encoded). This is hidden or masked. I think this is an important distinction to make here if someone is reading this for a security review.