os-brick

utils.trace is leaking passwords

Bug #1640251 reported by Matt Riedemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
os-brick
Fix Released
Undecided
Matt Riedemann

Bug Description

This utils.trace decorator is leaking passwords from the connection_info dict when connecting a volume:

https://github.com/openstack/os-brick/blob/1.8.0/os_brick/utils.py#L140

In this case it's the iscsi windows volume driver:

https://github.com/openstack/os-brick/blob/1.8.0/os_brick/initiator/windows/iscsi.py#L80

Seen here:

http://64.119.130.115/nova/273504/15/Hyper-V_logs/c2-r1-u07/nova-compute.log.gz

2016-10-01 00:26:52.094 220 75082848 MainThread DEBUG os_brick.initiator.windows.iscsi [req-fa9e78f0-f9e8-4dbe-bf7e-ddb1aa351685 0c48f62080874d4fa9cab0c6f95931ee 3b681e104c054aa9838fcac7728fc9e0 - - -] ==> connect_volume: call {'connection_properties': {u'access_mode': u'rw', u'target_discovered': False, u'encrypted': False, u'qos_specs': None, u'target_iqn': u'iqn.2010-10.org.openstack:volume-3fcb2151-5f74-4ee2-8532-e39ccbee4a21', u'target_portal': u'10.0.100.186:3260', u'volume_id': u'3fcb2151-5f74-4ee2-8532-e39ccbee4a21', u'target_lun': 1, u'auth_password': u'dC2dA9kPNbL95MEh', u'auth_username': u'cNExwK6Vb3hTk89jasrW', u'auth_method': u'CHAP'}, 'self': <os_brick.initiator.windows.iscsi.WindowsISCSIConnector object at 0x043D8A50>} trace_logging_wrapper C:\Python27\lib\site-packages\os_brick\utils.py:141

Matt Riedemann (mriedem)
Changed in os-brick:
status: New → Confirmed
Matt Riedemann (mriedem)
Changed in os-brick:
assignee: nobody → Matt Riedemann (mriedem)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-brick (master)

Fix proposed to branch: master
Review: https://review.openstack.org/395099

Changed in os-brick:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-brick (master)

Reviewed: https://review.openstack.org/395099
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=7af307bbe079a72c805ae56e875a285721ec783c
Submitter: Jenkins
Branch: master

commit 7af307bbe079a72c805ae56e875a285721ec783c
Author: Matt Riedemann <email address hidden>
Date: Tue Nov 8 12:55:46 2016 -0500

    Mask passwords in utils.trace for func params

    The utils.trace helper is logging the args list to
    the decorated function but is not masking passwords
    in those args. This change adds a call to mask passwords
    in the function args list.

    Change-Id: I79480c6f9c3e3a9a917854139461650780e6e8b4
    Closes-Bug: #1640251

Changed in os-brick:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/os-brick 1.9.0

This issue was fixed in the openstack/os-brick 1.9.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.