Re: [Dev] Forget me tool is going into an infinite loop while executing on improved audit logs

Ruwan Abeykoon Sun, 08 Apr 2018 21:41:40 -0700

Hi All,
We need to fix two things.
1. We do not want to annonymize admin login attempts. As admin login
failure is a security concers and overrides privacy concerns. so we need to
remove this pattern. (This is a business case)
2. We need to detect regex infinite loop cases and break. (This is a
technical case)


Cheers,
Ruwan

On Mon, Apr 9, 2018 at 4:06 AM, Megala Uthayakumar <meg...@wso2.com> wrote:

> Hi All,
>
> When we execute the forget me tool on IS 5.5.0, with the improved user
> management logs, forget me tool goes on an infinite loop on the following
> line,
>
> *Initiator=admin@carbon.super Action=Update-Permissions-of-Role
> Target=Application/abcdddd
> Data={"Permissions":[{"resourceId":"/permission/","action":"ui.execute"},{"resourceId":"/permission/admin","action":"ui.execute"},{"resourceId":"/permission/admin/configure/datasources","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/passwords","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/profiles","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/provisioning","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/users","action":"ui.execute"},{"resourceId":"/permission/admin/configure/theme","action":"ui.execute"},{"resourceId":"/permission/admin/login","action":"ui.execute"},{"resourceId":"/permission/admin/manage","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/module","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/service","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/webapp","action":"ui.execute"},{"resourceId":"/permission/admin/manage/attachment","action":"ui.execute"},{"resourceId":"/permission/admin/manage/bpel","action":"ui.execute"},{"resourceId":"/permission/admin/manage/event-publish","action":"ui.execute"},{"resourceId":"/permission/admin/manage/event-streams","action":"ui.execute"},{"resourceId":"/permission/admin/manage/extensions","action":"ui.execute"},{"resourceId":"/permission/admin/manage/humantask","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication/session/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication/session/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/metadata","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/consentmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/emailmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pap/policy","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pap/subscriber","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pdp","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pep","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/identitymgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/idpmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/keystoremgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/pep","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/provisioning","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/rolemgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/securitymgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/stsmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/usermgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userprofile","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userroleuimgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/count","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/definition","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/monitor","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/profile","action":"ui.execute"},{"resourceId":"/permission/admin/manage/modify","action":"ui.execute"},{"resourceId":"/permission/admin/manage/resources","action":"ui.execute"},{"resourceId":"/permission/admin/manage/search","action":"ui.execute"},{"resourceId":"/permission/admin/manage/topic","action":"ui.execute"},{"resourceId":"/permission/admin/monitor","action":"ui.execute"},{"resourceId":"/permission/applications","action":"ui.execute"},{"resourceId":"/permission/protected","action":"ui.execute"},{"resourceId":"/permission/protected/configure/components","action":"ui.execute"},{"resourceId":"/permission/protected/configure/logging","action":"ui.execute"},{"resourceId":"/permission/protected/manage","action":"ui.execute"},{"resourceId":"/permission/protected/manage/modify/tenants","action":"ui.execute"},{"resourceId":"/permission/protected/manage/monitor","action":"ui.execute"},{"resourceId":"/permission/protected/manage/monitor/tenants/list","action":"ui.execute"},{"resourceId":"/permission/protected/server-admin","action":"ui.execute"}]}
> Outcome=Success *
>
> On further investigration, it was identified, following pattern under
> apim-patterns.xml is causing this issue.
>
> * <pattern key="pattern6">*
> *
> <detectPattern>(.)*(${username}@${tenantDomain}(\s)*(\[)${tenantId}(\])|)(.)*(Failed
> Administrator login attempt ')${username}(\[)${tenantId}(\]'
> at)</detectPattern>*
> *
> <replacePattern>(${username}(\[)${tenantId}(\])(.)*|${username}@${tenantDomain})</replacePattern>*
> *  </pattern>*
>
> While executing this pattern, forgetme tool goes on an infinite loop on
> the line, *matcher.find()*. Seems this pattern is affected by
> catastrophic backtracking[1], as that is common reason for infinite loop
> for matcher.find.
>
> After commenting out, I was execute the tool successfully. Even after
> commenting out, I was able to cover the following relevant line with the
> existing patterns,
>
> *TID: [-1234] [] [2018-04-09 09:25:20,249]  WARN
> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
> Administrator login attempt '0e78c77d-5ffc-4827-a189-3694d2a433db[-1234]'
> at [2018-04-09 09:25:20,248+0530] *
>
> Are we handing any other patterns of logs with this pattern? Since I was
> able to replace the username in above line even without particular pattern,
> shall we remove that pattern?
>
> [1] https://www.regular-expressions.info/catastrophic.html
>
> Thanks.
>
> Regards,
> Megala
>
> --
> Megala Uthayakumar
>
> Senior Software Engineer
> Mobile : 0779967122
>

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Forget me tool is going into an infinite loop while executing on improved audit logs

Reply via email to