Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/12/04 02:31:48 UTC
git commit: updated refs/heads/master to f420b74
Updated Branches:
refs/heads/master 1c4f1deaa -> f420b7489
CLOUDSTACK-5355: addImageStore should not log password in clear text in
the log.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f420b748
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f420b748
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f420b748
Branch: refs/heads/master
Commit: f420b748903eb261e7721512da0168733d82d202
Parents: 1c4f1de
Author: Min Chen <mi...@citrix.com>
Authored: Tue Dec 3 15:42:38 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Tue Dec 3 16:55:26 2013 -0800
----------------------------------------------------------------------
.../lifecycle/CloudStackImageStoreLifeCycleImpl.java | 6 ++++--
utils/src/com/cloud/utils/StringUtils.java | 4 ++--
utils/test/com/cloud/utils/StringUtilsTest.java | 8 ++++++++
3 files changed, 14 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f420b748/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
----------------------------------------------------------------------
diff --git a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
index fa07eb8..95c9034 100644
--- a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
+++ b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
@@ -26,6 +26,8 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
+import com.ibm.wsdl.util.StringUtils;
+
import org.apache.cloudstack.engine.subsystem.api.storage.ClusterScope;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.HostScope;
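Review bot: The added `import com.ibm.wsdl.util.StringUtils;` appears to bind `StringUtils` to the WSDL4J utility class rather than to `com.cloud.utils.StringUtils`, whose password pattern this same commit extends. If so, the two `StringUtils.cleanString(url)` calls in the next hunk (the info log and the `uri.scheme is null` exception message) never run the credential-stripping regex, and a `cifs://` URL carrying `password=` would still reach the log and the error text in clear. The import should read `import com.cloud.utils.StringUtils;`. A test that drives this call site with a password-bearing URL would catch a wrong binding, since the code compiles either way.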
@@ -84,13 +86,13 @@ public class CloudStackImageStoreLifeCycleImpl implements ImageStoreLifeCycle {
DataStoreRole role = (DataStoreRole)dsInfos.get("role");
Map<String, String> details = (Map<String, String>)dsInfos.get("details");
- s_logger.info("Trying to add a new data store at " + url + " to data center " + dcId);
+ s_logger.info("Trying to add a new data store at " + StringUtils.cleanString(url) + " to data center " + dcId);
URI uri = null;
try {
uri = new URI(UriUtils.encodeURIComponent(url));
if (uri.getScheme() == null) {
- throw new InvalidParameterValueException("uri.scheme is null " + url + ", add nfs:// (or cifs://) as a prefix");
+ throw new InvalidParameterValueException("uri.scheme is null " + StringUtils.cleanString(url) + ", add nfs:// (or cifs://) as a prefix");
} else if (uri.getScheme().equalsIgnoreCase("nfs")) {
if (uri.getHost() == null || uri.getHost().equalsIgnoreCase("") || uri.getPath() == null || uri.getPath().equalsIgnoreCase("")) {
throw new InvalidParameterValueException("Your host and/or path is wrong. Make sure it's of the format nfs://hostname/path");
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f420b748/utils/src/com/cloud/utils/StringUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/StringUtils.java b/utils/src/com/cloud/utils/StringUtils.java
index fef96f9..ddd09de 100644
--- a/utils/src/com/cloud/utils/StringUtils.java
+++ b/utils/src/com/cloud/utils/StringUtils.java
@@ -152,8 +152,8 @@ public class StringUtils {
return sb.toString();
}
- // removes a password request param and it's value
- private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("&?(password|accesskey|secretkey)=.*?(?=[&'\"])");
+ // removes a password request param and it's value, also considering password is in query parameter value which has been url encoded
+ private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("(&|%26)?(password|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]))");
// removes a password/accesskey/ property from a response json object
private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"(password|accesskey|secretkey)\":\".*?\",?");
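Review bot: The lookahead that ends the new `REGEX_PASSWORD_QUERYSTRING` still requires a delimiter after the value, so a secret that is the last parameter in the string is not matched. This matters for the new call sites in `CloudStackImageStoreLifeCycleImpl`, which pass a bare URL rather than a full request string: in `cifs://host/share?user=u&password=p` (constructed example) nothing follows the password. Adding an end-of-input alternative, `(?=(%26|[&'\"]|$))`, would cover that case, assuming `cleanString` applies this pattern with a replace-all; its body is outside the hunk. The test added in this commit only exercises a password followed by `%26domain`, so it would not detect the gap.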
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f420b748/utils/test/com/cloud/utils/StringUtilsTest.java
----------------------------------------------------------------------
diff --git a/utils/test/com/cloud/utils/StringUtilsTest.java b/utils/test/com/cloud/utils/StringUtilsTest.java
index 28da7e8..cc22f9d 100644
--- a/utils/test/com/cloud/utils/StringUtilsTest.java
+++ b/utils/test/com/cloud/utils/StringUtilsTest.java
@@ -72,6 +72,14 @@ public class StringUtilsTest {
}
@Test
+ public void testCleanPasswordFromEncodedRequestString() {
+ String input = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR";
+ String expected = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26domain%3DBLR";
+ String result = StringUtils.cleanString(input);
+ assertEquals(result, expected);
+ }
+
+ @Test
public void testCleanPasswordFromRequestStringWithMultiplePasswords() {
String input = "username=foo&password=bar&url=foobar&password=bar2&test=4";
String expected = "username=foo&url=foobar&test=4";
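Review bot: `assertEquals(result, expected)` in `testCleanPasswordFromEncodedRequestString` passes its arguments in the reverse of JUnit's (expected, actual) order, so a failure would report the two strings under the wrong labels; `assertEquals(expected, result);` fixes that. The sample input also embeds what looks like a real internal address, user name and share path taken from a bug report. A neutral constructed value would exercise the same URL-encoded form without committing those details to the repository.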