1561316811 opened a new issue, #8849:
URL: https://github.com/apache/cloudstack/issues/8849
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and main branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete
the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
Cloud-Sever
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on main
branch.
-->
~~~
commit ID: 45d267ccbf2749c547cbbbac4a2cb1f3351dcaf2 on main branch.
~~~
##### SUMMARY
<!-- Explain the problem/feature briefly -->
The sensitive information of req.getQueryString() may log out at
"s_logger.debug("Invalid parameter in URL found. param: " + param);"
##### error code location
com.cloud.api.ApiServlet#utf8Fixup
~~~
void utf8Fixup(final HttpServletRequest req, final Map<String, Object[]>
params) {
if (req.getQueryString() == null) {
return;
}
final String[] paramsInQueryString = req.getQueryString().split("&");
if (paramsInQueryString != null) {
for (final String param : paramsInQueryString) {
final String[] paramTokens = param.split("=", 2);
if (paramTokens.length == 2) {
String name = decodeUtf8(paramTokens[0]);
String value = decodeUtf8(paramTokens[1]);
params.put(name, new String[] {value});
} else {
LOGGER.debug("Invalid parameter in URL found. param: " +
param); //param taint
}
}
}
}
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
