Don't log authentication configuration when connecting to MQTT broker #2249
To avoid repeating this mistake, I would remove the culprit `derive(Debug)`.
-#[derive(Debug, Clone)]
+#[derive(Clone)]
struct ClientAuthConfig {
cert_chain: Vec<Certificate>,
key: PrivateKey,
}
+impl Debug for ClientAuthConfig {
+ fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+ // Do not print the private key!
+ self.cert_chain.fmt(f)
+ }
+}
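Review bot: In the new `fmt` body, `self.cert_chain.fmt(f)` delegates straight to the vector, so the output carries neither the `ClientAuthConfig` name nor any sign that a `key` field exists and was withheld, and it still writes whatever the `Debug` impl of `Certificate` produces for every entry in the chain. Consider `f.debug_struct("ClientAuthConfig")` with `cert_chain` as a field and `finish_non_exhaustive()`, or a fixed placeholder for `key`, so a reader of the log can tell the omission is deliberate. A test asserting that `format!("{:?}", config)` never contains the key material would also make a later re-derive of `Debug` fail in CI.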
PR thin-edge#2233 introduced some `info!` logging statements to MQTT connection code, so that the user could see what's happening. However, this code printed out the contents of the AuthenticationConfig struct which contained root certificate store and a client private key if client authentication option was used. The intent was to print out the certificate paths, but what was printed was the contents.

Signed-off-by: root <marcel.guzik@inetum.com>
b459c63 to b6a13ab
fixed in b6a13ab.
Approved. Cargo.lock has to be updated before merge.
Approved
The log entries look much better now:
Sep 13 06:47:08 ad0bf762eaeb c8y-firmware-plugin[969]: 2023-09-13T06:47:08.91651Z INFO mqtt_channel::connection: MQTT connecting to broker: host=localhost:8883, session_name=Some("c8y-firmware-plugin")
Signed-off-by: root <marcel.guzik@inetum.com>
ec01d57 to f1b610b
PR #2233 introduced some `info!` logging statements to MQTT connection code, so that the user could see what's happening. However, this code printed out the contents of the AuthenticationConfig struct which contained root certificate store and a client private key if client authentication option was used.
The intent was to print out the certificate paths, but what was printed was the contents, potentially including secrets.
Fortunately it was caught quickly by @reubenmiller.
I think the biggest factor that contributed to this mistake was keeping secrets together with other safe-to-print fields, without using any marker type to denote that `ClientAuthConfig.key` is a secret, disabling its `Debug` implementation so that it can't be accidentally printed out in the first place. Crates like secrecy can be used to replace `Display` and `Debug` impls so that sensitive information cannot be printed.
Checklist
- `cargo fmt` as mentioned in CODING_GUIDELINES
- `cargo clippy` as mentioned in CODING_GUIDELINES
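The marker-type idea from the description above, as an added example that is not part of the PR or the thin-edge code base: `Redacted<T>` is a hypothetical std-only wrapper (the `secrecy` crate offers a maintained equivalent), and `Vec<u8>` stands in for the TLS library's `Certificate` and `PrivateKey` types. With the secret wrapped, `#[derive(Debug)]` on the containing struct stays safe even if someone logs it with `{:?}`.

```rust
use std::fmt;

/// Hypothetical marker type: holds a secret and refuses to print it.
/// No `Display` and no `Deref`, so every access goes through `expose()`.
#[derive(Clone)]
pub struct Redacted<T>(T);

impl<T> Redacted<T> {
    pub fn new(value: T) -> Self {
        Redacted(value)
    }
    /// The only way to reach the secret; easy to grep for in review.
    pub fn expose(&self) -> &T {
        &self.0
    }
}

impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

/// Same shape as the struct in the PR; `Vec<u8>` replaces the real
/// `Certificate` and `PrivateKey` types (assumption for this example).
#[derive(Debug, Clone)]
pub struct ClientAuthConfig {
    pub cert_chain: Vec<Vec<u8>>,
    pub key: Redacted<Vec<u8>>,
}

/// Constructed sample data, not real certificate or key material.
pub fn sample_config() -> ClientAuthConfig {
    ClientAuthConfig {
        cert_chain: vec![vec![0x30, 0x82, 0x01, 0x0a]],
        key: Redacted::new(vec![0xde, 0xad, 0xbe, 0xef]),
    }
}

/// Builds the kind of line an `info!("...: {:?}", config)` call would emit.
pub fn describe(config: &ClientAuthConfig) -> String {
    format!("MQTT connecting to broker: auth={:?}", config)
}

fn main() {
    println!("{}", describe(&sample_config()));
}
```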