
Commit f420b74

committed
CLOUDSTACK-5355: addImageStore should not log password in clear text in
the log.
1 parent 1c4f1de commit f420b74


3 files changed

+14
-4
lines changed


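--- a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
+++ b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
@@ -26,6 +26,8 @@
 
 import org.apache.log4j.Logger;
 
+import com.ibm.wsdl.util.StringUtils;
+
 import org.apache.cloudstack.engine.subsystem.api.storage.ClusterScope;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.HostScope;
@@ -84,13 +86,13 @@ public DataStore initialize(Map<String, Object> dsInfos) {
 DataStoreRole role = (DataStoreRole)dsInfos.get("role");
 Map<String, String> details = (Map<String, String>)dsInfos.get("details");
 
-s_logger.info("Trying to add a new data store at " + url + " to data center " + dcId);
+s_logger.info("Trying to add a new data store at " + StringUtils.cleanString(url) + " to data center " + dcId);
 
 URI uri = null;
 try {
 uri = new URI(UriUtils.encodeURIComponent(url));
 if (uri.getScheme() == null) {
-throw new InvalidParameterValueException("uri.scheme is null " + url + ", add nfs:// (or cifs://) as a prefix");
+throw new InvalidParameterValueException("uri.scheme is null " + StringUtils.cleanString(url) + ", add nfs:// (or cifs://) as a prefix");
 } else if (uri.getScheme().equalsIgnoreCase("nfs")) {
 if (uri.getHost() == null || uri.getHost().equalsIgnoreCase("") || uri.getPath() == null || uri.getPath().equalsIgnoreCase("")) {
 throw new InvalidParameterValueException("Your host and/or path is wrong. Make sure it's of the format nfs://hostname/path");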
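Review bot: The added `import com.ibm.wsdl.util.StringUtils;` binds both `StringUtils.cleanString(url)` calls (the `s_logger.info` line and the `uri.scheme is null` exception) to a class in a different package from the `com.cloud.utils.StringUtils` whose password regex this commit extends. That class appears to be a WSDL helper, so its `cleanString` most likely does not strip credentials, and a `cifs://` URL carrying `user` and `password` parameters would still reach the log and the exception text unmasked. The import should read `import com.cloud.utils.StringUtils;`. The body of `initialize` continues past the hunk, so any later use of `url` or `uri` in log or exception messages could not be checked from here.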

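--- a/utils/src/com/cloud/utils/StringUtils.java
+++ b/utils/src/com/cloud/utils/StringUtils.java
@@ -152,8 +152,8 @@ public static String getMaskedPasswordForDisplay(String password) {
 return sb.toString();
 }
 
-// removes a password request param and it's value
-private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("&?(password|accesskey|secretkey)=.*?(?=[&'\"])");
+// removes a password request param and it's value, also considering password is in query parameter value which has been url encoded
+private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("(&|%26)?(password|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]))");
 
 // removes a password/accesskey/ property from a response json object
 private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"(password|accesskey|secretkey)\":\".*?\",?");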
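Review bot: The lookahead `(?=(%26|[&'\"]))` in the new `REGEX_PASSWORD_QUERYSTRING` still requires a delimiter after the value, so a `password`, `accesskey` or `secretkey` parameter that ends the string is not matched and stays in the cleaned output. Adding an end-of-input alternative, `(?=(%26|[&'\"]|$))`, would cover that case. The encoded forms are matched in upper case only, while percent-encoding hex digits are case-insensitive, so `%3d` would not be recognised; `(=|%3[Dd])` closes that for the separator. In the comment, "it's value" should read "its value".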

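--- a/utils/test/com/cloud/utils/StringUtilsTest.java
+++ b/utils/test/com/cloud/utils/StringUtilsTest.java
@@ -71,6 +71,14 @@ public void testCleanPasswordFromRequestString() {
 assertEquals(result, expected);
 }
 
+@Test
+public void testCleanPasswordFromEncodedRequestString() {
+String input = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR";
+String expected = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26domain%3DBLR";
+String result = StringUtils.cleanString(input);
+assertEquals(result, expected);
+}
+
 @Test
 public void testCleanPasswordFromRequestStringWithMultiplePasswords() {
 String input = "username=foo&password=bar&url=foobar&password=bar2&test=4";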
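Review bot: `testCleanPasswordFromEncodedRequestString` only exercises an encoded password that is followed by another encoded parameter (`%26domain%3DBLR`), so it cannot show whether a credential at the very end of the input is removed. A companion case whose input ends in `...%26password%3DXXXXX%40123` would pin that behaviour. `assertEquals(result, expected)` also passes its arguments in the reverse of JUnit's `(expected, actual)` order, which makes a failure message report the two values the wrong way round; `assertEquals(expected, result);` follows the convention.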
