Updated Branches: refs/heads/4.3 97dc85cae -> 8367a8fae
CLOUDSTACK-5355: addImageStore should not log password in clear text in the log. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8367a8fa Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8367a8fa Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8367a8fa Branch: refs/heads/4.3 Commit: 8367a8fae19bb883747a8fecfa3b00d022513104 Parents: 97dc85c Author: Min Chen <[email protected]> Authored: Tue Dec 3 15:42:38 2013 -0800 Committer: Min Chen <[email protected]> Committed: Tue Dec 3 16:46:02 2013 -0800 ---------------------------------------------------------------------- .../lifecycle/CloudStackImageStoreLifeCycleImpl.java | 6 ++++-- utils/src/com/cloud/utils/StringUtils.java | 4 ++-- utils/test/com/cloud/utils/StringUtilsTest.java | 12 ++++++++++-- 3 files changed, 16 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8367a8fa/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java ---------------------------------------------------------------------- diff --git a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java index d644878..65a4018 100644 --- a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java +++ b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java 
@@ -26,6 +26,8 @@ import javax.inject.Inject; import org.apache.log4j.Logger; +import com.ibm.wsdl.util.StringUtils; + import org.apache.cloudstack.engine.subsystem.api.storage.ClusterScope; import org.apache.cloudstack.engine.subsystem.api.storage.DataStore; import org.apache.cloudstack.engine.subsystem.api.storage.HostScope; @@ -84,13 +86,13 @@ public class CloudStackImageStoreLifeCycleImpl implements ImageStoreLifeCycle { DataStoreRole role = (DataStoreRole) dsInfos.get("role"); Map<String, String> details = (Map<String, String>) dsInfos.get("details"); - s_logger.info("Trying to add a new data store at " + url + " to data center " + dcId); + s_logger.info("Trying to add a new data store at " + StringUtils.cleanString(url) + " to data center " + dcId); URI uri = null; try { uri = new URI(UriUtils.encodeURIComponent(url)); if (uri.getScheme() == null) { - throw new InvalidParameterValueException("uri.scheme is null " + url + ", add nfs:// (or cifs://) as a prefix"); + throw new InvalidParameterValueException("uri.scheme is null " + StringUtils.cleanString(url) + ", add nfs:// (or cifs://) as a prefix"); } else if (uri.getScheme().equalsIgnoreCase("nfs")) { if (uri.getHost() == null || uri.getHost().equalsIgnoreCase("") || uri.getPath() == null || uri.getPath().equalsIgnoreCase("")) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8367a8fa/utils/src/com/cloud/utils/StringUtils.java ---------------------------------------------------------------------- diff --git a/utils/src/com/cloud/utils/StringUtils.java b/utils/src/com/cloud/utils/StringUtils.java index 948c0ac..7aafff1 100644 --- a/utils/src/com/cloud/utils/StringUtils.java +++ b/utils/src/com/cloud/utils/StringUtils.java 
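Review bot: The added import is `com.ibm.wsdl.util.StringUtils`, not the `com.cloud.utils.StringUtils` whose redaction pattern this commit changes, so both `StringUtils.cleanString(url)` calls in the next hunk (the `s_logger.info` line and the `InvalidParameterValueException` message) resolve to the other class. If that class's `cleanString` is the wsdl4j helper that only escapes control and quote characters (worth confirming), the password embedded in the URL would still reach the log and the exception text in clear. The import should read `import com.cloud.utils.StringUtils;`. The method that contains the log call starts and ends outside the hunk, so other uses of `url` in it are not visible here.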
@@ -157,8 +157,8 @@ public class StringUtils { return sb.toString(); } - // removes a password request param and it's value - private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("&?(password|accesskey|secretkey)=.*?(?=[&'\"])"); + // removes a password request param and it's value, also considering password is in query parameter value which has been url encoded + private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("(&|%26)?(password|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]))"); // removes a password/accesskey/ property from a response json object private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"(password|accesskey|secretkey)\":\".*?\",?"); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8367a8fa/utils/test/com/cloud/utils/StringUtilsTest.java ---------------------------------------------------------------------- diff --git a/utils/test/com/cloud/utils/StringUtilsTest.java b/utils/test/com/cloud/utils/StringUtilsTest.java index ae37c24..cc22f9d 100644 --- a/utils/test/com/cloud/utils/StringUtilsTest.java +++ b/utils/test/com/cloud/utils/StringUtilsTest.java @@ -16,9 +16,9 @@ // under the License. package com.cloud.utils; -import org.junit.Test; import static org.junit.Assert.assertEquals; -import com.cloud.utils.StringUtils; + +import org.junit.Test; public class StringUtilsTest { @Test 
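Review bot: The lookahead `(?=(%26|[&'\"]))` in the new `REGEX_PASSWORD_QUERYSTRING` still requires a terminator after the value, so a credential that is the last parameter of the string is left unredacted. That case looks reachable from the image-store log line, which passes a bare URL rather than a quoted request string. Accepting end of input as well, `(?=(%26|[&'\"]|$))`, would cover it. The encoded alternatives are also case-sensitive, so `%3D` matches but `%3d` does not. Writing `(=|%3[Dd])` or compiling with `Pattern.CASE_INSENSITIVE` would keep a lowercase-hex encoder from slipping past the filter.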
@@ -72,6 +72,14 @@ public class StringUtilsTest { } @Test + public void testCleanPasswordFromEncodedRequestString() { + String input = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR"; + String expected = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26domain%3DBLR"; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } + + @Test public void testCleanPasswordFromRequestStringWithMultiplePasswords() { String input = "username=foo&password=bar&url=foobar&password=bar2&test=4"; String expected = "username=foo&url=foobar&test=4";
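Review bot: `assertEquals(result, expected)` in `testCleanPasswordFromEncodedRequestString` passes its arguments in the reverse of JUnit's (expected, actual) order, so a failure message would label the two values the wrong way round. It should be `assertEquals(expected, result);`. The new test covers only an encoded password that is followed by `%26domain%3DBLR`. Two cases worth adding are an encoded credential as the last parameter of the input and a lowercase `%3d` separator, since both depend on the pattern's terminator and casing and are the ways a secret would still leak into the log.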
