You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by "1561316811 (via GitHub)" <gi...@apache.org> on 2024/03/31 03:01:48 UTC
[I] The sensitvie information job object may leak [cloudstack]
1561316811 opened a new issue, #8854:
URL: https://github.com/apache/cloudstack/issues/8854
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and main branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete the comments.
-->
##### ISSUE TYPE
<!-- Pick one below and delete the rest -->
* Bug Report
* Improvement Request
* Enhancement Request
* Feature Idea
* Documentation Report
* Other
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
cloud-framework-jobs
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on main branch.
-->
~~~
commit ID: 45d267ccbf2749c547cbbbac4a2cb1f3351dcaf2 on main branch.
~~~
##### CONFIGURATION
<!--
Information about the configuration if relevant, e.g. basic network, advanced networking, etc. N/A otherwise
-->
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
##### SUMMARY
<!-- Explain the problem/feature briefly -->
The sensitvie information job object may leak through the "logger.trace("Unable to find a wakeup dispatcher from the joined job: " + job);"
##### STEPS TO REPRODUCE
<!--
For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate.
For new features, show how the feature would be used.
-->
<!-- Paste example playbooks or commands between quotes below -->
~~~
~~~
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
~~~
~~~
##### ACTUAL RESULTS
<!-- What actually happened? -->
<!-- Paste verbatim command output between quotes below -->
~~~
~~~
#### bug code location
org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl#runInContext
~~~
protected void runInContext() {
long runNumber = getJobRunNumber();
try {
//
// setup execution environment
//
try {
JmxUtil.registerMBean("AsyncJobManager", "Active Job " + job.getId(), new AsyncJobMBeanImpl(job));
} catch (Exception e) {
// Due to co-existence of normal-dispatched-job/wakeup-dispatched-job, MBean register() call
// is expected to fail under situations
if (logger.isTraceEnabled())
logger.trace("Unable to register active job " + job.getId() + " to JMX monitoring due to exception " + ExceptionUtil.toString(e));
}
_jobMonitor.registerActiveTask(runNumber, job.getId());
AsyncJobExecutionContext.setCurrentExecutionContext(new AsyncJobExecutionContext(job));
String related = job.getRelated();
String logContext = job.getShortUuid();
if (related != null && !related.isEmpty()) {
AsyncJob relatedJob = _jobDao.findByIdIncludingRemoved(Long.parseLong(related));
if (relatedJob != null) {
logContext = relatedJob.getShortUuid();
}
}
ThreadContext.put("logcontextid", logContext);
// execute the job
if (logger.isDebugEnabled()) {
logger.debug("Executing " + StringUtils.cleanString(job.toString()));
}
if ((getAndResetPendingSignals(job) & AsyncJob.Constants.SIGNAL_MASK_WAKEUP) != 0) {
AsyncJobDispatcher jobDispatcher = findWakeupDispatcher(job);
if (jobDispatcher != null) {
jobDispatcher.runJob(job);
} else {
// TODO, job wakeup is not in use yet
if (logger.isTraceEnabled())
logger.trace("Unable to find a wakeup dispatcher from the joined job: " + job); // not cleanJob
}
} else {
AsyncJobDispatcher jobDispatcher = getDispatcher(job.getDispatcher());
if (jobDispatcher != null) {
jobDispatcher.runJob(job);
} else {
logger.error("Unable to find job dispatcher, job will be cancelled");
completeAsyncJob(job.getId(), JobInfo.Status.FAILED, ApiErrorCode.INTERNAL_ERROR.getHttpCode(), null);
}
}
if (logger.isDebugEnabled()) {
logger.debug("Done executing " + job.getCmd() + " for job-" + job.getId());
}
} catch (Throwable e) {
logger.error("Unexpected exception", e);
completeAsyncJob(job.getId(), JobInfo.Status.FAILED, ApiErrorCode.INTERNAL_ERROR.getHttpCode(), null);
} finally {
// guard final clause as well
try {
if (job.getSyncSource() != null) {
// here check queue item one more time to double make sure that queue item is removed in case of any uncaught exception
_queueMgr.purgeItem(job.getSyncSource().getId());
}
try {
JmxUtil.unregisterMBean("AsyncJobManager", "Active Job " + job.getId());
} catch (Exception e) {
// Due to co-existence of normal-dispatched-job/wakeup-dispatched-job, MBean unregister() call
// is expected to fail under situations
if (logger.isTraceEnabled())
logger.trace("Unable to unregister job " + job.getId() + " to JMX monitoring due to exception " + ExceptionUtil.toString(e));
}
//
// clean execution environment
//
AsyncJobExecutionContext.unregister();
_jobMonitor.unregisterActiveTask(runNumber);
} catch (Throwable e) {
logger.error("Double exception", e);
}
}
}
};
}
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitvie information job object may leak [cloudstack]
Posted by "1561316811 (via GitHub)" <gi...@apache.org>.
1561316811 commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2040961656
Firstly, as we can see, in the following link. we know the "log.trace" need to log out "cleanedCommands", a sensitive variable but masked "password". So we infer "log.trace" cannot log out the sensitive data.
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/plugins/outofbandmanagement-drivers/ipmitool/src/main/java/org/apache/cloudstack/outofbandmanagement/driver/ipmitool/IpmitoolWrapper.java#L175
Secondly, in the following link, we know the "job" is a sensitive variable, that needs to be masked before logging out.
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L637
Lastly, in the following link, we can see the "job" was logged out by "log.trace" without masked.
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L647
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitive information job object may leak [cloudstack]
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland closed issue #8854: The sensitive information job object may leak
URL: https://github.com/apache/cloudstack/issues/8854
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitvie information job object may leak [cloudstack]
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2042523709
ok, I'll add another clean action there, thanks @1561316811 and @lujiefsi
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitvie information job object may leak [cloudstack]
Posted by "lujiefsi (via GitHub)" <gi...@apache.org>.
lujiefsi commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2042446303
I understand his explanation roughly. First, he provided this link:
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/plugins/outofbandmanagement-drivers/ipmitool/src/main/java/org/apache/cloudstack/outofbandmanagement/driver/ipmitool/IpmitoolWrapper.java#L175
This is to demonstrate that CloudStack is careful to remove sensitive information even from trace-level logs.
Next, he referenced this link:
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L637
This suggests that the 'job' variable is sensitive because of the code `StringUtils.cleanString(job.toString())`, where `StringUtils.cleanString` is used to scrub passwords, indicating that 'job' contains sensitive information like passwords. However, this subsequent piece of code:
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L647
logs the 'job' at the trace level. Given the precedent that CloudStack removes sensitive information from trace logs, and since there's an earlier statement to clean sensitive info from the job, he suggests that the logging at:
https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L647
might be problematic.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitvie information job object may leak [cloudstack]
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2034065647
@1561316811 , this trace logging (which is off by default) , is logging undecoded job info . Can you supply an example of why this is an issue?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitvie information job object may leak [cloudstack]
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2042535762
@blueorangutan package
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] The sensitvie information job object may leak [cloudstack]
Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2042407883
@1561316811 you are not convincing me
- why is job a sensitive variable?
- if so, why would the operator not be allowed to see it
- how can this be abused? I see no exploit for this.
please enlighten us to what can happen and how would that be done?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org