Hi All, We need to fix two things. 1. We do not want to annonymize admin login attempts. As admin login failure is a security concers and overrides privacy concerns. so we need to remove this pattern. (This is a business case) 2. We need to detect regex infinite loop cases and break. (This is a technical case)
Cheers, Ruwan On Mon, Apr 9, 2018 at 4:06 AM, Megala Uthayakumar <meg...@wso2.com> wrote: > Hi All, > > When we execute the forget me tool on IS 5.5.0, with the improved user > management logs, forget me tool goes on an infinite loop on the following > line, > > *Initiator=admin@carbon.super Action=Update-Permissions-of-Role > Target=Application/abcdddd > Data={"Permissions":[{"resourceId":"/permission/","action":"ui.execute"},{"resourceId":"/permission/admin","action":"ui.execute"},{"resourceId":"/permission/admin/configure/datasources","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/passwords","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/profiles","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/provisioning","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/users","action":"ui.execute"},{"resourceId":"/permission/admin/configure/theme","action":"ui.execute"},{"resourceId":"/permission/admin/login","action":"ui.execute"},{"resourceId":"/permission/admin/manage","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/module","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/service","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/webapp","action":"ui.execute"},{"resourceId":"/permission/admin/manage/attachment","action":"ui.execute"},{"resourceId":"/permission/admin/manage/bpel","action":"ui.execute"},{"resourceId":"/permission/admin/manage/event-publish","action":"ui.execute"},{"resourceId":"/permission/admin/manage/event-streams","action":"ui.execute"},{"resourceId":"/permission/admin/manage/extensions","action":"ui.execute"},{"resourceId":"/permission/admin/manage/humantask","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication/session/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication/session/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/metadata","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/consentmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/emailmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pap/policy","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pap/subscriber","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pdp","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pep","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/identitymgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/idpmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/keystoremgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/pep","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/provisioning","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/rolemgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/securitymgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/stsmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/usermgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userprofile","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userroleuimgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/count","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/definition","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/monitor","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/profile","action":"ui.execute"},{"resourceId":"/permission/admin/manage/modify","action":"ui.execute"},{"resourceId":"/permission/admin/manage/resources","action":"ui.execute"},{"resourceId":"/permission/admin/manage/search","action":"ui.execute"},{"resourceId":"/permission/admin/manage/topic","action":"ui.execute"},{"resourceId":"/permission/admin/monitor","action":"ui.execute"},{"resourceId":"/permission/applications","action":"ui.execute"},{"resourceId":"/permission/protected","action":"ui.execute"},{"resourceId":"/permission/protected/configure/components","action":"ui.execute"},{"resourceId":"/permission/protected/configure/logging","action":"ui.execute"},{"resourceId":"/permission/protected/manage","action":"ui.execute"},{"resourceId":"/permission/protected/manage/modify/tenants","action":"ui.execute"},{"resourceId":"/permission/protected/manage/monitor","action":"ui.execute"},{"resourceId":"/permission/protected/manage/monitor/tenants/list","action":"ui.execute"},{"resourceId":"/permission/protected/server-admin","action":"ui.execute"}]} > Outcome=Success * > > On further investigration, it was identified, following pattern under > apim-patterns.xml is causing this issue. > > * <pattern key="pattern6">* > * > <detectPattern>(.)*(${username}@${tenantDomain}(\s)*(\[)${tenantId}(\])|)(.)*(Failed > Administrator login attempt ')${username}(\[)${tenantId}(\]' > at)</detectPattern>* > * > <replacePattern>(${username}(\[)${tenantId}(\])(.)*|${username}@${tenantDomain})</replacePattern>* > * </pattern>* > > While executing this pattern, forgetme tool goes on an infinite loop on > the line, *matcher.find()*. Seems this pattern is affected by > catastrophic backtracking[1], as that is common reason for infinite loop > for matcher.find. > > After commenting out, I was execute the tool successfully. Even after > commenting out, I was able to cover the following relevant line with the > existing patterns, > > *TID: [-1234] [] [2018-04-09 09:25:20,249] WARN > {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed > Administrator login attempt '0e78c77d-5ffc-4827-a189-3694d2a433db[-1234]' > at [2018-04-09 09:25:20,248+0530] * > > Are we handing any other patterns of logs with this pattern? Since I was > able to replace the username in above line even without particular pattern, > shall we remove that pattern? > > [1] https://www.regular-expressions.info/catastrophic.html > > Thanks. > > Regards, > Megala > > -- > Megala Uthayakumar > > Senior Software Engineer > Mobile : 0779967122 >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev