[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Berenguer Blasi updated CASSANDRA-16801: Fix Version/s: 4.0.2 4.1 (was: 4.x) (was: 4.0.x) Since Version: 4.0 Source Control Link: https://github.com/apache/cassandra/commit/85248da628770d9d93fdd2cbd1eedd55b3ddc206 Resolution: Fixed Status: Resolved (was: Ready to Commit) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.2, 4.1 > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Berenguer Blasi updated CASSANDRA-16801: Status: Ready to Commit (was: Review In Progress) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Lerer updated CASSANDRA-16801: --- Status: Review In Progress (was: Needs Committer) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Lerer updated CASSANDRA-16801: --- Reviewers: Benjamin Lerer, Ekaterina Dimitrova > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ekaterina Dimitrova updated CASSANDRA-16801: Status: Needs Committer (was: Patch Available) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Berenguer Blasi updated CASSANDRA-16801: Test and Documentation Plan: See PR Status: Patch Available (was: In Progress) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Assignee: Berenguer Blasi >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brandon Williams updated CASSANDRA-16801: - Complexity: Normal (was: Low Hanging Fruit) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Caleb Rackliffe updated CASSANDRA-16801: Description: CASSANDRA-16669 introduced support for obfuscating passwords for audit log statements, but there are a few cases where the obfuscation logic can destroy some of the contents of the original/provided string. ex. This is perfectly valid... {noformat} WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false {noformat} ...but calling obfuscate() on it will produce... {noformat} WITH LOGIN = false AND PASSWORD *** {noformat} -We should be able to create a reasonable RegEx and use String#replaceAll() to both simplify and correct PasswordObfuscator#obfuscate().- was: CASSANDRA-16669 introduced support for obfuscating passwords for audit log statements, but there are a few cases where the obfuscation logic can destroy some of the contents of the original/provided string. ex. This is perfectly valid... {noformat} WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false {noformat} ...but calling obfuscate() on it will produce... {noformat} WITH LOGIN = false AND PASSWORD *** {noformat} We should be able to create a reasonable RegEx and use String#replaceAll() to both simplify and correct PasswordObfuscator#obfuscate(). > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > -We should be able to create a reasonable RegEx and use String#replaceAll() > to both simplify and correct PasswordObfuscator#obfuscate().- -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause
[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Caleb Rackliffe updated CASSANDRA-16801: Bug Category: Parent values: Correctness(12982) Complexity: Low Hanging Fruit Discovered By: Code Inspection Fix Version/s: 4.x 4.0.x Severity: Normal Status: Open (was: Triage Needed) > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > - > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging >Reporter: Caleb Rackliffe >Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD *** > {noformat} > We should be able to create a reasonable RegEx and use String#replaceAll() to > both simplify and correct PasswordObfuscator#obfuscate(). -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org