You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Andres de la Peña (Jira)" <ji...@apache.org> on 2021/07/28 12:36:00 UTC

[jira] [Updated] (CASSANDRA-16817) Fix ERROR message which prints data information in the logs

     [ https://issues.apache.org/jira/browse/CASSANDRA-16817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andres de la Peña updated CASSANDRA-16817:
------------------------------------------
     Bug Category: Parent values: Security(12985)Level 1 values: Information Leakage(12999)
       Complexity: Low Hanging Fruit
    Discovered By: User Report
    Fix Version/s: 4.x
                   4.0.x
                   3.11.x
                   3.0.x
         Severity: Low
           Status: Open  (was: Triage Needed)

> Fix ERROR message which prints data information in the logs
> -----------------------------------------------------------
>
>                 Key: CASSANDRA-16817
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16817
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Materialized Views
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>             Fix For: 3.0.x, 3.11.x, 4.0.x, 4.x
>
>
> {{StorageProxy.mutateMV}} might log [an error message|https://github.com/apache/cassandra/blob/cassandra-3.0/src/java/org/apache/cassandra/service/StorageProxy.java#L880] that prints user data in the logs beyond the row key, for example:
> {code}
> ERROR [MutationStage-2] 2021-07-28 13:08:52,609 StorageProxy.java:1002 - Error applying local view update to keyspace k: Mutation(keyspace='k', key='00000001', modifications=[
>   [k.mv] key=1 partition_deletion=deletedAt=-9223372036854775808, localDeletion=2147483647 columns=[[] | []]
>     Row[info=[ts=1627474132606719] ]: k=0, v=MY CONFIDENTIAL DATA |
> ])
> {code}
> We should probably change that log message so it doesn't print the entire mutation but only the keyspace, tables and partition key of the mutation.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org