safe_log Does Not Sanitize Passwords in Lists

Bug #1268459 reported by Auston McReynolds
This bug affects 3 people
Affects: oslo-incubator; Importance: High; Assigned to: Auston McReynolds
Affects: oslo.messaging; Importance: High; Assigned to: Mehdi Abaakouk

Bug Description

2014-01-13 05:02:54.850 DEBUG trove.openstack.common.rpc.amqp [-] received {u'_context_request_id': u'req-44adf4ac-12bb-44c5-be3d-da2cc73b2e05', u'args': {u'backup_id': None, u'name': u'smurf', u'availability_zone': None, u'overrides': {}, u'instance_id': u'55ade62e-393b-4c53-ba26-59216072f6b5', u'image_id': u'c02f2d4a-f16f-4b8a-b8ee-e194fc8cc481', u'datastore_manager': u'mysql', u'root_password': '<SANITIZED>', u'databases': [{u'_character_set': None, u'_collate': None, u'_name': u'mydb'}], u'flavor': {u'name': u'm1.rd-tiny', u'links': [{u'href': u'http://localhost:8774/v2/73932f61b7564433ba92fc47bf15cc64/flavors/7', u'rel': u'self'}, {u'href': u'http://localhost:8774/73932f61b7564433ba92fc47bf15cc64/flavors/7', u'rel': u'bookmark'}], u'ram': 512, u'id': u'7', u'OS-FLV-DISABLED:disabled': False, u'vcpus': 1, u'swap': u'', u'os-flavor-access:is_public': True, u'rxtx_factor': 1.0, u'OS-FLV-EXT-DATA:ephemeral': 0, u'disk': 2, u'_info': {u'name': u'm1.rd-tiny', u'links': [{u'href': u'http://localhost:8774/v2/73932f61b7564433ba92fc47bf15cc64/flavors/7', u'rel': u'self'}, {u'href': u'http://localhost:8774/73932f61b7564433ba92fc47bf15cc64/flavors/7', u'rel': u'bookmark'}], u'ram': 512, u'OS-FLV-DISABLED:disabled': False, u'vcpus': 1, u'swap': u'', u'os-flavor-access:is_public': True, u'rxtx_factor': 1.0, u'OS-FLV-EXT-DATA:ephemeral': 0, u'disk': 2, u'id': u'7'}, u'_loaded': True}, u'packages': u'mysql-server-5.5', u'volume_size': 1, u'users': [{u'_host': u'%', u'_password': u'banana', u'_databases': [], u'_name': u'bob'}, {u'_host': u'%', u'_password': u'mango', u'_databases': [], u'_name': u'tom'}]}, u'_context_tenant': u'73932f61b7564433ba92fc47bf15cc64', u'_context_auth_token': '<SANITIZED>', u'_context_show_deleted': False, u'namespace': None, u'_unique_id': u'0703116044cf4a808dc84744956c955c', u'_context_is_admin': False, u'version': u'1.0', u'_context_marker': None, u'_context_read_only': False, u'_context_user': u'f2500945f045493f90c404e612269086', u'method': 
u'create_instance', u'_context_limit': None} from (pid=14088) _safe_log /opt/stack/trove/trove/openstack/common/rpc/common.py:278

Note how the passwords are not masked for 'users': [{'_host': '%', '_password': 'banana', '_databases': [], '_name': 'bob'}, {'_host': '%', '_password': 'mango', '_databases': [], '_name': 'tom'}]

Changed in oslo:
assignee: nobody → Auston McReynolds (amcrn)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo-incubator (master)

Fix proposed to branch: master
Review: https://review.openstack.org/66260

Flavio Percoco (flaper87) wrote :

The oslo-rpc patch can be ported to oslo.messaging.

Thanks!

Changed in oslo:
importance: Undecided → High
Changed in oslo.messaging:
importance: Undecided → High
Changed in oslo:
milestone: none → icehouse-2
Changed in oslo.messaging:
milestone: none → icehouse-2
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo-incubator (master)

Reviewed: https://review.openstack.org/66260
Committed: https://git.openstack.org/cgit/openstack/oslo-incubator/commit/?id=22e971ac1103336a4859e9c7314ffc52d137405a
Submitter: Jenkins
Branch: master

commit 22e971ac1103336a4859e9c7314ffc52d137405a
Author: amcrn <email address hidden>
Date: Sun Jan 12 21:56:44 2014 -0800

    safe_log Sanitize Passwords in List of Dicts

    sanitizes password fields found in lists of dicts for messages
    before logging.

    Change-Id: Ic3c3f7d43570fe99411a3f6bf9ef70de44104c53
    Closes-Bug: #1268459

Changed in oslo:
status: In Progress → Fix Committed
Changed in oslo.messaging:
milestone: icehouse-2 → icehouse-3
Thierry Carrez (ttx)
Changed in oslo:
status: Fix Committed → Fix Released
Changed in oslo.messaging:
status: New → Triaged
milestone: icehouse-3 → none
Thierry Carrez (ttx)
Changed in oslo:
milestone: icehouse-2 → 2014.1
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo.messaging (master)

Fix proposed to branch: master
Review: https://review.openstack.org/123759

Changed in oslo.messaging:
assignee: nobody → Mehdi Abaakouk (sileht)
status: Triaged → In Progress
Mehdi Abaakouk (sileht)
Changed in oslo.messaging:
milestone: none → next-kilo
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (master)

Reviewed: https://review.openstack.org/123759
Committed: https://git.openstack.org/cgit/openstack/oslo.messaging/commit/?id=56a9c55a3f2919d0dcc93639c23df169aafc240a
Submitter: Jenkins
Branch: master

commit 56a9c55a3f2919d0dcc93639c23df169aafc240a
Author: Mehdi Abaakouk <email address hidden>
Date: Wed Sep 24 17:18:39 2014 +0200

    safe_log Sanitize Passwords in List of Dicts

    Sanitizes password fields found in lists of dicts for messages
    before logging.

    This change uses oslo.utils.strutils.mask_password to do it.

    Change-Id: I7cd1e53e2ced7ebf9c5942b7a0dbbeb991acab4d
    Closes-Bug: #1268459

Changed in oslo.messaging:
status: In Progress → Fix Committed
Changed in oslo.messaging:
status: Fix Committed → Fix Released
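
The failure mode in this report, as an added example that is not the oslo-incubator or oslo.messaging code: a sanitizer that descends into nested dicts but treats lists as leaves, next to one that also walks lists, plus a check that can serve as a regression test. The key-matching rule, the function names and the sample message are assumptions made for illustration; the message is constructed, trimmed from the shape of the log line above.

```python
MASK = "<SANITIZED>"
# Assumption: a key is secret if its name contains one of these fragments.
SECRET_FRAGMENTS = ("password", "auth_token")


def _is_secret(key):
    return isinstance(key, str) and any(f in key.lower() for f in SECRET_FRAGMENTS)


def sanitize_dicts_only(msg):
    """Flawed walker: descends into nested dicts but treats lists as leaves."""
    out = {}
    for key, value in msg.items():
        if _is_secret(key):
            out[key] = MASK
        elif isinstance(value, dict):
            out[key] = sanitize_dicts_only(value)
        else:
            out[key] = value  # a list of dicts passes through untouched
    return out


def sanitize(value):
    """Walker that also descends into lists and tuples; returns a new object."""
    if isinstance(value, dict):
        return {k: MASK if _is_secret(k) else sanitize(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(sanitize(v) for v in value)
    return value


def leaked_secrets(value, secrets):
    """Return the secrets that still appear in the text that would be logged."""
    text = repr(value)
    return sorted(s for s in secrets if s in text)


# Constructed sample message and the secret values planted in it.
SAMPLE = {
    "method": "create_instance",
    "_context_auth_token": "tok-constructed",
    "args": {
        "root_password": "constructed-root",
        "users": [
            {"_name": "bob", "_password": "banana"},
            {"_name": "tom", "_password": "mango"},
        ],
    },
}
SECRETS = ["tok-constructed", "constructed-root", "banana", "mango"]
```

Running `leaked_secrets` over the output of each walker shows the dict-only version still emitting the per-user passwords while the top-level and nested-dict secrets are masked, which matches the log line in the report.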