xiaoqin.fu created ZOOKEEPER-3989:
-------------------------------------
Summary: GenerateLoad needs to use log for protecting sensitive data
Key: ZOOKEEPER-3989
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3989
Project: ZooKeeper
Issue Type: Improvement
Components: tests
Affects Versions: 3.4.13, 3.4.11
Reporter: xiaoqin.fu
In methods of org.apache.zookeeper.test.system.GenerateLoad,
public static void main(String[] args) throws InterruptedException,
        KeeperException, NoAvailableContainers, DuplicateNameException,
        NoAssignmentException {
    ......
    if (!statusWatcher.waitConnected(5000)) {
        System.err.println("Could not connect to " + args[0]);
        return;
    }
    ......
    String mode = getMode(parts[i]);
    if (mode.equals("leader")) {
        zkHostPort = new StringBuilder(parts[i]);
        System.out.println("Connecting exclusively to " + zkHostPort.toString());
        break outer;
    }
    try {
        String cmdNumber[] = line.split(" ");
        ......
    } catch (NumberFormatException e) {
        System.out.println("Not a valid number: " + e.getMessage());
    }
    ......
    }
}
Sensitive data about args[0], zkHostPort, and cmdNumber are directly printed
and may leak.
For security, log should be used to record these data, as well as log in other
classes such as org.apache.zookeeper.server.ZooKeeperServer:
LOG = LoggerFactory.getLogger(GenerateLoad.class);
......
LOG.error("Could not connect to " + args[0]);
......
LOG.info("Connecting exclusively to " + zkHostPort.toString());
......
LOG.error("Not a valid number: " + e.getMessage());
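An added example, not part of the issue or of ZooKeeper's code: the three messages from the report sent through a logger whose handler enforces a level threshold and masks host:port values before anything is stored. It uses java.util.logging as a stand-in for the SLF4J logger named in the issue; the class name, the masking pattern, the errors-only policy and the sample host names are assumptions made for the demonstration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Added example: java.util.logging stands in for the SLF4J logger named in the issue.
public class GenerateLoadLogDemo {
    private static final Logger LOG = Logger.getLogger(GenerateLoadLogDemo.class.getName());
    // Assumed policy: anything shaped like host:port is masked before it is stored.
    private static final Pattern HOST_PORT = Pattern.compile("[A-Za-z0-9.-]+:\\d{1,5}");

    // In-memory sink, so the demo can show exactly what left the logger.
    static final class MaskingHandler extends Handler {
        final List<String> lines = new ArrayList<>();
        @Override public void publish(LogRecord r) {
            if (!isLoggable(r)) return;              // honours the handler's level
            String msg = HOST_PORT.matcher(r.getMessage()).replaceAll("<host:port>");
            lines.add(r.getLevel() + " " + msg);
        }
        @Override public void flush() { }
        @Override public void close() { }
    }

    // The three messages from the issue, sent through the logger instead of System.out/err.
    static void report(String connectString, String leader, String input) {
        LOG.severe("Could not connect to " + connectString);
        LOG.info("Connecting exclusively to " + leader);
        try {
            Integer.parseInt(input);
        } catch (NumberFormatException e) {
            LOG.severe("Not a valid number: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        LOG.setUseParentHandlers(false);             // nothing reaches the default console handler
        MaskingHandler sink = new MaskingHandler();
        sink.setLevel(Level.SEVERE);                 // assumed operator policy: errors only
        LOG.addHandler(sink);
        // Constructed sample values, not taken from a real deployment.
        report("zk1.example.test:2181", "zk2.example.test:2181", "12x");
        sink.lines.forEach(System.out::println);
    }
}
```

With the handler set to SEVERE the INFO record naming the leader is dropped, and the connection error is stored with the host and port masked; both decisions live in logger configuration rather than in each print call.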