Thanks Ruwan for the response. I will remove the pattern and send it as a WUM update.
On Mon, Apr 9, 2018 at 10:10 AM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
> Hi All,
> We need to fix two things.
> 1. We do not want to anonymize admin login attempts. As admin login
> failure is a security concern and overrides privacy concerns, we need to
> remove this pattern. (This is a business case)
> 2. We need to detect regex infinite loop cases and break. (This is a
> technical case)
>
> Cheers,
> Ruwan
>
> On Mon, Apr 9, 2018 at 4:06 AM, Megala Uthayakumar <meg...@wso2.com> wrote:
>
>> Hi All,
>>
>> When we execute the forget me tool on IS 5.5.0, with the improved user
>> management logs, the forget me tool goes into an infinite loop on the following
>> line:
>>
>> Initiator=admin@carbon.super Action=Update-Permissions-of-Role Target=Application/abcdddd Data={"Permissions":[{"resourceId":"/permission/","action":"ui.execute"},{"resourceId":"/permission/admin","action":"ui.execute"},{"resourceId":"/permission/admin/configure/datasources","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/passwords","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/profiles","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/provisioning","action":"ui.execute"},{"resourceId":"/permission/admin/configure/security/usermgt/users","action":"ui.execute"},{"resourceId":"/permission/admin/configure/theme","action":"ui.execute"},{"resourceId":"/permission/admin/login","action":"ui.execute"},{"resourceId":"/permission/admin/manage","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/module","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/service","action":"ui.execute"},{"resourceId":"/permission/admin/manage/add/webapp","action":"ui.execute"},{"resourceId":"/permission/admin/manage/attachment","action":"ui.execute"},{"resourceId":"/permission/admin/manage/bpel","action":"ui.execute"},{"resourceId":"/permission/admin/manage/event-publish","action":"ui.execute"},{"resourceId":"/permission/admin/manage/event-streams","action":"ui.execute"},{"resourceId":"/permission/admin/manage/extensions","action":"ui.execute"},{"resourceId":"/permission/admin/manage/humantask","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/applicationmgt/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication/session/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/authentication/session/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/claim/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/claimmgt/metadata","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/consentmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/emailmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pap/policy","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pap/subscriber","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pdp","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/entitlement/pep","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/identitymgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/idpmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/keystoremgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/pep","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/provisioning","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/rolemgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/securitymgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/stsmgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/user/association/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/usermgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userprofile","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userroleuimgt","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/config/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/userstore/count","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/create","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/delete","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/update","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/association/view","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/definition","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/monitor","action":"ui.execute"},{"resourceId":"/permission/admin/manage/identity/workflow/profile","action":"ui.execute"},{"resourceId":"/permission/admin/manage/modify","action":"ui.execute"},{"resourceId":"/permission/admin/manage/resources","action":"ui.execute"},{"resourceId":"/permission/admin/manage/search","action":"ui.execute"},{"resourceId":"/permission/admin/manage/topic","action":"ui.execute"},{"resourceId":"/permission/admin/monitor","action":"ui.execute"},{"resourceId":"/permission/applications","action":"ui.execute"},{"resourceId":"/permission/protected","action":"ui.execute"},{"resourceId":"/permission/protected/configure/components","action":"ui.execute"},{"resourceId":"/permission/protected/configure/logging","action":"ui.execute"},{"resourceId":"/permission/protected/manage","action":"ui.execute"},{"resourceId":"/permission/protected/manage/modify/tenants","action":"ui.execute"},{"resourceId":"/permission/protected/manage/monitor","action":"ui.execute"},{"resourceId":"/permission/protected/manage/monitor/tenants/list","action":"ui.execute"},{"resourceId":"/permission/protected/server-admin","action":"ui.execute"}]} Outcome=Success
>>
>> On further investigation, it was identified that the following pattern under
>> apim-patterns.xml is causing this issue:
>>
>> <pattern key="pattern6">
>>     <detectPattern>(.)*(${username}@${tenantDomain}(\s)*(\[)${tenantId}(\])|)(.)*(Failed Administrator login attempt ')${username}(\[)${tenantId}(\]' at)</detectPattern>
>>     <replacePattern>(${username}(\[)${tenantId}(\])(.)*|${username}@${tenantDomain})</replacePattern>
>> </pattern>
>>
>> While executing this pattern, the forgetme tool goes into an infinite loop on
>> the line matcher.find(). It seems this pattern is affected by
>> catastrophic backtracking [1], as that is a common reason for an infinite loop
>> in matcher.find.
>>
>> After commenting it out, I was able to execute the tool successfully. Even after
>> commenting it out, I was able to cover the following relevant line with the
>> existing patterns:
>>
>> TID: [-1234] [] [2018-04-09 09:25:20,249] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt '0e78c77d-5ffc-4827-a189-3694d2a433db[-1234]' at [2018-04-09 09:25:20,248+0530]
>>
>> Are we handling any other patterns of logs with this pattern? Since I was
>> able to replace the username in the above line even without this particular pattern,
>> shall we remove that pattern?
>>
>> [1] https://www.regular-expressions.info/catastrophic.html
>>
>> Thanks.
>>
>> Regards,
>> Megala
>>
>> --
>> Megala Uthayakumar
>>
>> Senior Software Engineer
>> Mobile : 0779967122
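One way to implement Ruwan's second point (detect a runaway regex search and break out of it), as an added example that is not the forget-me tool's own code: the Java regex engine reads its input only through CharSequence.charAt(), so wrapping the input in a deadline-checking CharSequence lets matcher.find() be aborted after a fixed time budget instead of spinning forever on a line like the one above. The class names, the 200 ms budget and the constructed audit line are assumptions; the pattern keeps only the shape of pattern6 that causes the backtracking.

```java
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Thrown when a regex search exceeds its time budget instead of hanging the tool. */
class RegexTimeoutException extends RuntimeException { RegexTimeoutException(String m) { super(m); } }

/** The regex engine reads its input only through charAt(), so every read can check a deadline. */
final class DeadlineCharSequence implements CharSequence {
    private final CharSequence inner;
    private final long deadlineNanos;
    private DeadlineCharSequence(CharSequence inner, long deadlineNanos) {
        this.inner = inner;
        this.deadlineNanos = deadlineNanos;
    }
    static DeadlineCharSequence withTimeout(CharSequence inner, long timeoutMillis) {
        return new DeadlineCharSequence(inner, System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(timeoutMillis));
    }
    @Override public char charAt(int index) {
        if (System.nanoTime() > deadlineNanos) {
            throw new RegexTimeoutException("regex exceeded its time budget at offset " + index);
        }
        return inner.charAt(index);
    }
    @Override public int length() { return inner.length(); }
    @Override public CharSequence subSequence(int start, int end) {
        return new DeadlineCharSequence(inner.subSequence(start, end), deadlineNanos);
    }
}

public class RegexBudgetDemo {
    // Same shape as pattern6 in the thread: two unbounded (.)* around an optional group, then a literal
    // absent from the input, so find() backtracks through every split of every start position (cubic).
    static final Pattern PATTERN6_SHAPE =
            Pattern.compile("(.)*(admin@carbon\\.super|)(.)*(Failed Administrator login attempt ')");

    /** True if the pattern matches within the budget; throws RegexTimeoutException if the search does not finish. */
    static boolean findWithBudget(Pattern p, String line, long timeoutMillis) {
        Matcher m = p.matcher(DeadlineCharSequence.withTimeout(line, timeoutMillis));
        return m.find();
    }

    public static void main(String[] args) {
        // Constructed stand-in for the ~6 KB Update-Permissions-of-Role audit line; it holds no login failure.
        StringBuilder sb = new StringBuilder("Initiator=admin@carbon.super Action=Update-Permissions-of-Role Data=");
        for (int i = 0; i < 150; i++) sb.append("{\"resourceId\":\"/permission/p").append(i).append("\"},");
        try {
            System.out.println("matched: " + findWithBudget(PATTERN6_SHAPE, sb.toString(), 200));
        } catch (RegexTimeoutException e) {
            System.out.println("aborted: " + e.getMessage()); // expected here: the search is cubic in line length
        }
    }
}
```

A budget hit should be logged with the pattern key and the line skipped or the offending pattern flagged for repair, not silently swallowed, since an unanonymized line left behind is the privacy failure the tool exists to prevent.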
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev