You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2023/01/13 22:10:22 UTC

[GitHub] [kafka] kirktrue commented on a diff in pull request #13119: KAFKA-14623: OAuth's HttpAccessTokenRetriever potentially leaks secrets in logging

kirktrue commented on code in PR #13119:
URL: https://github.com/apache/kafka/pull/13119#discussion_r1070115905


##########
clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/secured/HttpAccessTokenRetriever.java:
##########
@@ -240,6 +240,9 @@ static String handleOutput(final HttpURLConnection con) throws IOException {
         int responseCode = con.getResponseCode();
         log.debug("handleOutput - responseCode: {}", responseCode);
 
+        // NOTE: the contents of the response should not be logged so that we don't leak any
+        // sensitive data.
+        // TODO: is it OK to log the error response body and/or its formatted version?

Review Comment:
   @smjn @omkreddy: open question. Is it safe to log the `errorResponseBody` in whole or in part?
   
   The `formatErrorMessage` method attempts to extract the core error message out of the `errorResponseBody`, but it falls back to returning the whole string verbatim if it can't parse or find the error message in the response.
   
   Thoughts?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org