> On March 8, 2017, 1:16 p.m., Jinmei Liao wrote: > > Any test changes? We probably can create a integrated/dunit test that would > > start a server with those ssl properties (including passwords) turned on, > > and have debug level truned on, and security truned on as well, and have > > gfsh connect to it using username and password, and see if any of the > > password show up in the logs.
`ArgumentRedactorJUnitTest` already has 85% method coverage and 95% line coverage of `ArgumentRedactor`. `SocketCreator.printConfig()` is a void method which only writes out to the log file. I could add a specific test for the expected ssl property, but it's already covered by the comparison `compareKey.toLowerCase().contains("password");` - Kevin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57431/#review168333 ----------------------------------------------------------- On March 8, 2017, 12:58 p.m., Kevin Duling wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57431/ > ----------------------------------------------------------- > > (Updated March 8, 2017, 12:58 p.m.) > > > Review request for geode, Jinmei Liao, Jared Stewart, Ken Howe, and Kirk Lund. > > > Repository: geode > > > Description > ------- > > GEODE-2633: When turning on fine logging, GEODE logs the keystore password in > clear text > > > Diffs > ----- > > geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java > 742e7f3e93e595844675d0789b995e4ceb4431ac > > geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java > 419f3f976159e601c95a2042bafd96cc9fe9465f > > > Diff: https://reviews.apache.org/r/57431/diff/1/ > > > Testing > ------- > > precheckin running > > > Thanks, > > Kevin Duling > >