You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by li...@apache.org on 2019/10/31 02:47:40 UTC

[dubbo] branch master updated: remove sensitive data from log exception for dubbo protocol (#5255)

This is an automated email from the ASF dual-hosted git repository.

liujun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo.git


The following commit(s) were added to refs/heads/master by this push:
     new 5618b12  remove sensitive data from log exception for dubbo protocol (#5255)
5618b12 is described below

commit 5618b12340b9c3ecf90c7e01c274a4f094cc146c
Author: Haiyang <ha...@163.com>
AuthorDate: Thu Oct 31 10:47:25 2019 +0800

    remove sensitive data from log exception for dubbo protocol (#5255)
---
 .../dubbo/remoting/transport/AbstractChannel.java  |  3 +-
 .../org/apache/dubbo/remoting/utils/LogUtils.java  | 32 ++++++++++++++++++++++
 .../remoting/transport/netty/NettyChannel.java     |  5 ++--
 .../remoting/transport/netty4/NettyChannel.java    | 11 +++++---
 .../dubbo/rpc/protocol/dubbo/DubboProtocol.java    | 20 +++++++++++++-
 5 files changed, 63 insertions(+), 8 deletions(-)

diff --git a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/AbstractChannel.java b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/AbstractChannel.java
index bacc264..06e86a0 100644
--- a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/AbstractChannel.java
+++ b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/AbstractChannel.java
@@ -20,6 +20,7 @@ import org.apache.dubbo.common.URL;
 import org.apache.dubbo.remoting.Channel;
 import org.apache.dubbo.remoting.ChannelHandler;
 import org.apache.dubbo.remoting.RemotingException;
+import org.apache.dubbo.remoting.utils.LogUtils;
 
 /**
  * AbstractChannel
@@ -34,7 +35,7 @@ public abstract class AbstractChannel extends AbstractPeer implements Channel {
     public void send(Object message, boolean sent) throws RemotingException {
         if (isClosed()) {
             throw new RemotingException(this, "Failed to send message "
-                    + (message == null ? "" : message.getClass().getName()) + ":" + message
+                    + (message == null ? "" : message.getClass().getName()) + ":" + LogUtils.getRequestWithoutData(message)
                     + ", cause: Channel closed. channel: " + getLocalAddress() + " -> " + getRemoteAddress());
         }
     }
diff --git a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/utils/LogUtils.java b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/utils/LogUtils.java
new file mode 100644
index 0000000..96c434e
--- /dev/null
+++ b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/utils/LogUtils.java
@@ -0,0 +1,32 @@
+package org.apache.dubbo.remoting.utils;
+
+import org.apache.dubbo.common.logger.Logger;
+import org.apache.dubbo.common.logger.LoggerFactory;
+import org.apache.dubbo.remoting.exchange.Request;
+import org.apache.dubbo.remoting.exchange.Response;
+
+public class LogUtils {
+    private static Logger logger = LoggerFactory.getLogger(LogUtils.class);
+
+    /**
+     * only log body in debugger mode for size & security consideration.
+     *
+     * @param message
+     * @return
+     */
+    public static Object getRequestWithoutData(Object message) {
+        if (logger.isDebugEnabled()) {
+            return message;
+        }
+        if (message instanceof Request) {
+            Request request = (Request) message;
+            request.setData(null);
+            return request;
+        } else if (message instanceof Response) {
+            Response response = (Response) message;
+            response.setResult(null);
+            return response;
+        }
+        return message;
+    }
+}
diff --git a/dubbo-remoting/dubbo-remoting-netty/src/main/java/org/apache/dubbo/remoting/transport/netty/NettyChannel.java b/dubbo-remoting/dubbo-remoting-netty/src/main/java/org/apache/dubbo/remoting/transport/netty/NettyChannel.java
index cad57b9..15e5f11 100644
--- a/dubbo-remoting/dubbo-remoting-netty/src/main/java/org/apache/dubbo/remoting/transport/netty/NettyChannel.java
+++ b/dubbo-remoting/dubbo-remoting-netty/src/main/java/org/apache/dubbo/remoting/transport/netty/NettyChannel.java
@@ -23,6 +23,7 @@ import org.apache.dubbo.remoting.ChannelHandler;
 import org.apache.dubbo.remoting.RemotingException;
 import org.apache.dubbo.remoting.transport.AbstractChannel;
 
+import org.apache.dubbo.remoting.utils.LogUtils;
 import org.jboss.netty.channel.ChannelFuture;
 
 import java.net.InetSocketAddress;
@@ -109,11 +110,11 @@ final class NettyChannel extends AbstractChannel {
                 throw cause;
             }
         } catch (Throwable e) {
-            throw new RemotingException(this, "Failed to send message " + message + " to " + getRemoteAddress() + ", cause: " + e.getMessage(), e);
+            throw new RemotingException(this, "Failed to send message " + LogUtils.getRequestWithoutData(message) + " to " + getRemoteAddress() + ", cause: " + e.getMessage(), e);
         }
 
         if (!success) {
-            throw new RemotingException(this, "Failed to send message " + message + " to " + getRemoteAddress()
+            throw new RemotingException(this, "Failed to send message " + LogUtils.getRequestWithoutData(message) + " to " + getRemoteAddress()
                     + "in timeout(" + timeout + "ms) limit");
         }
     }
diff --git a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyChannel.java b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyChannel.java
index 0130d28..7630ef0 100644
--- a/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyChannel.java
+++ b/dubbo-remoting/dubbo-remoting-netty4/src/main/java/org/apache/dubbo/remoting/transport/netty4/NettyChannel.java
@@ -25,6 +25,7 @@ import org.apache.dubbo.remoting.transport.AbstractChannel;
 
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelFuture;
+import org.apache.dubbo.remoting.utils.LogUtils;
 
 import java.net.InetSocketAddress;
 import java.util.Map;
@@ -69,11 +70,12 @@ final class NettyChannel extends AbstractChannel {
         }
         this.channel = channel;
     }
+
     /**
      * Get dubbo channel by netty channel through channel cache.
      * Put netty channel into it if dubbo channel don't exist in the cache.
      *
-     * @param ch netty channel
+     * @param ch      netty channel
      * @param url
      * @param handler dubbo handler that contain netty's handler
      * @return
@@ -95,6 +97,7 @@ final class NettyChannel extends AbstractChannel {
         }
         return ret;
     }
+
     /**
      * Remove the inactive channel.
      *
@@ -145,7 +148,7 @@ final class NettyChannel extends AbstractChannel {
      * Send message by netty and whether to wait the completion of the send.
      *
      * @param message message that need send.
-     * @param sent whether to ack async-sent
+     * @param sent    whether to ack async-sent
      * @throws RemotingException throw RemotingException if wait until timeout or any exception thrown by method body that surrounded by try-catch.
      */
     @Override
@@ -168,10 +171,10 @@ final class NettyChannel extends AbstractChannel {
             }
         } catch (Throwable e) {
             removeChannelIfDisconnected(channel);
-            throw new RemotingException(this, "Failed to send message " + message + " to " + getRemoteAddress() + ", cause: " + e.getMessage(), e);
+            throw new RemotingException(this, "Failed to send message " + LogUtils.getRequestWithoutData(message) + " to " + getRemoteAddress() + ", cause: " + e.getMessage(), e);
         }
         if (!success) {
-            throw new RemotingException(this, "Failed to send message " + message + " to " + getRemoteAddress()
+            throw new RemotingException(this, "Failed to send message " + LogUtils.getRequestWithoutData(message) + " to " + getRemoteAddress()
                     + "in timeout(" + timeout + "ms) limit");
         }
     }
diff --git a/dubbo-rpc/dubbo-rpc-dubbo/src/main/java/org/apache/dubbo/rpc/protocol/dubbo/DubboProtocol.java b/dubbo-rpc/dubbo-rpc-dubbo/src/main/java/org/apache/dubbo/rpc/protocol/dubbo/DubboProtocol.java
index b1762bd..8df04b5 100644
--- a/dubbo-rpc/dubbo-rpc-dubbo/src/main/java/org/apache/dubbo/rpc/protocol/dubbo/DubboProtocol.java
+++ b/dubbo-rpc/dubbo-rpc-dubbo/src/main/java/org/apache/dubbo/rpc/protocol/dubbo/DubboProtocol.java
@@ -262,7 +262,7 @@ public class DubboProtocol extends AbstractProtocol {
 
         if (exporter == null) {
             throw new RemotingException(channel, "Not found exported service: " + serviceKey + " in " + exporterMap.keySet() + ", may be version or group mismatch " +
-                    ", channel: consumer: " + channel.getRemoteAddress() + " --> provider: " + channel.getLocalAddress() + ", message:" + inv);
+                    ", channel: consumer: " + channel.getRemoteAddress() + " --> provider: " + channel.getLocalAddress() + ", message:" + getInvocationWithoutData(inv));
         }
 
         return exporter.getInvoker();
@@ -667,4 +667,22 @@ public class DubboProtocol extends AbstractProtocol {
             logger.warn(t.getMessage(), t);
         }
     }
+
+    /**
+     * only log body in debugger mode for size & security consideration.
+     *
+     * @param invocation
+     * @return
+     */
+    private Invocation getInvocationWithoutData(Invocation invocation) {
+        if (logger.isDebugEnabled()) {
+            return invocation;
+        }
+        if (invocation instanceof RpcInvocation) {
+            RpcInvocation rpcInvocation = (RpcInvocation) invocation;
+            rpcInvocation.setArguments(null);
+            return rpcInvocation;
+        }
+        return invocation;
+    }
 }