Posted to issues@zookeeper.apache.org by "Damien Diederen (Jira)" <ji...@apache.org> on 2020/11/23 11:41:00 UTC

[jira] [Resolved] (ZOOKEEPER-3989) GenerateLoad needs to use log for protecting sensitive data

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-3989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Damien Diederen resolved ZOOKEEPER-3989.
----------------------------------------
    Fix Version/s: 3.7.0
       Resolution: Fixed

Issue resolved by pull request 1530
[https://github.com/apache/zookeeper/pull/1530]

> GenerateLoad needs to use log for protecting sensitive data
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-3989
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3989
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: tests
>    Affects Versions: 3.4.11, 3.4.13
>            Reporter: xiaoqin.fu
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.7.0
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> In methods of org.apache.zookeeper.test.system.GenerateLoad,
>     public static void main(String[] args) throws InterruptedException,
>             KeeperException, NoAvailableContainers, DuplicateNameException,
>             NoAssignmentException {
>         ......
>         if (!statusWatcher.waitConnected(5000)) {
>             System.err.println("Could not connect to " + args[0]);
>             return;
>         }
>         ......
>         String mode = getMode(parts[i]);
>         if (mode.equals("leader")) {
>             zkHostPort = new StringBuilder(parts[i]);
>             System.out.println("Connecting exclusively to " + zkHostPort.toString());
>             break outer;
>         }
>         try {
>             String cmdNumber[] = line.split(" ");
>             ......
>         } catch (NumberFormatException e) {
>             System.out.println("Not a valid number: "
>                     + e.getMessage());
>         }
>         ......
>         }
>     }
> Sensitive data about args[0], zkHostPort, and cmdNumber are directly printed and may leak. 
> For security, log should be used to record these data, as well as log in other classes such as org.apache.zookeeper.server.ZooKeeperServer:
> 	LOG = LoggerFactory.getLogger(GenerateLoad.class);
> 	......
> 	LOG.error("Could not connect to " + args[0]);
> 	......
> 	LOG.info("Connecting exclusively to " + zkHostPort.toString());
> 	......
> 	LOG.error("Not a valid number: " + e.getMessage());


