Posted to dev@zookeeper.apache.org by "xiaoqin.fu (Jira)" <ji...@apache.org> on 2020/11/03 05:21:00 UTC
[jira] [Created] (ZOOKEEPER-3989) GenerateLoad needs to use log for protecting sensitive data
xiaoqin.fu created ZOOKEEPER-3989:
-------------------------------------
Summary: GenerateLoad needs to use log for protecting sensitive data
Key: ZOOKEEPER-3989
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3989
Project: ZooKeeper
Issue Type: Improvement
Components: tests
Affects Versions: 3.4.13, 3.4.11
Reporter: xiaoqin.fu
In methods of org.apache.zookeeper.test.system.GenerateLoad,
public static void main(String[] args) throws InterruptedException,
        KeeperException, NoAvailableContainers, DuplicateNameException,
        NoAssignmentException {
    ......
    if (!statusWatcher.waitConnected(5000)) {
        System.err.println("Could not connect to " + args[0]);
        return;
    }
    ......
    String mode = getMode(parts[i]);
    if (mode.equals("leader")) {
        zkHostPort = new StringBuilder(parts[i]);
        System.out.println("Connecting exclusively to " + zkHostPort.toString());
        break outer;
    }
    try {
        String cmdNumber[] = line.split(" ");
        ......
    } catch (NumberFormatException e) {
        System.out.println("Not a valid number: "
                + e.getMessage());
    }
    ......
    }
}
Sensitive data about args[0], zkHostPort, and cmdNumber are directly printed and may leak.
For security, log should be used to record these data, as well as log in other classes such as org.apache.zookeeper.server.ZooKeeperServer:
LOG = LoggerFactory.getLogger(GenerateLoad.class);
......
LOG.error("Could not connect to " + args[0]);
......
LOG.info("Connecting exclusively to " + zkHostPort.toString());
......
LOG.error("Not a valid number: " + e.getMessage());
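The change proposed in the report, sketched as an added example (not code from the report or from ZooKeeper). It assumes slf4j-api and a binding are on the classpath; the class `LoadCommandLogging` and the helpers `forLog` and `parseNumber` are hypothetical. It goes one step beyond the report by stripping control characters from `args[0]` and `e.getMessage()` before they reach the log, since both come from outside the program.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Added illustration; class and helper names are hypothetical, not ZooKeeper's.
public class LoadCommandLogging {
    private static final Logger LOG = LoggerFactory.getLogger(LoadCommandLogging.class);

    // Replace CR/LF and other ASCII control characters so that an
    // externally supplied value cannot forge extra lines in the log.
    static String forLog(String value) {
        return value == null ? "null" : value.replaceAll("\\p{Cntrl}", "_");
    }

    // Parses the numeric part of a console command such as "percentage 40".
    // Returns -1 when the number is missing or malformed.
    static int parseNumber(String line) {
        String[] cmdNumber = line.split(" ");
        if (cmdNumber.length < 2) {
            LOG.error("Missing number in command");
            return -1;
        }
        try {
            return Integer.parseInt(cmdNumber[1]);
        } catch (NumberFormatException e) {
            // Parameterized message: formatted only if ERROR is enabled,
            // and routed to whatever appender the logging config selects.
            LOG.error("Not a valid number: {}", forLog(e.getMessage()));
            return -1;
        }
    }

    public static void main(String[] args) {
        if (args.length < 1) {
            LOG.error("Usage: LoadCommandLogging <hostPort>");
            return;
        }
        // Same level as in the report; the logging configuration decides
        // whether this line is written and where it ends up.
        LOG.info("Connecting exclusively to {}", forLog(args[0]));

        // Constructed sample inputs: one valid, one malformed with an
        // embedded newline that forLog() neutralizes.
        LOG.info("parsed={}", parseNumber("percentage 40"));
        LOG.info("parsed={}", parseNumber("percentage 4o\nfake log line"));
    }
}
```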