Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/02 19:03:58 UTC

[GitHub] [couchdb] iilyak opened a new pull request #2627: Remove sensitive data from log files

iilyak opened a new pull request #2627: Remove sensitive data from log files
URL: https://github.com/apache/couchdb/pull/2627
 
 
   ## Overview
   
   There are cases where sensitive data can leak into a log file. This PR makes a first stab at the problem. The sensitive data can end up in the log when a process implementing the `gen_server` or `gen_event` behavior crashes. The Erlang implementation of `gen_server` supports a `format_status/2` callback to remove sensitive data from the `state` term. However, the last message (`LastMsg`) received by the process is still logged. In order to solve this problem, this PR modifies `couch_log_formatter` to remove `LastMsg` when the formatted state is a tuple with arity 2 and the second element of the tuple is a map containing the `sensitive` key with value `true`. This allows us to remove sensitive information from both `LastMsg` and `State` via the `format_status/2` callback. Here is an example:
   ```
   format_status(_Opt, [_PDict, State]) ->
       #state{
           url = Url,
           proxy_url = ProxyURL,
           limit = Limit
       } = State,
       {[
           {url, couch_util:url_strip_password(Url)},
           {proxy_url, ProxyURL},
           {limit, Limit}
       ], #{sensitive => true}}.
   ```
   
   ## Testing recommendations
   
   1. Make sure all dependent PRs are pulled
   2. Run `make eunit`
   3. Run `make elixir`
   
   ## Related Issues or Pull Requests
   
   This PR depends on the following:
   
   ## Checklist
   
   - [x] Code is written and works correctly
   - [x] Changes are covered by tests
   - [ ] Any new configurable parameters are documented in `rel/overlay/etc/default.ini`
   - [ ] A PR for documentation changes has been made in https://github.com/apache/couchdb-documentation
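
Added example (not code from the pull request or from CouchDB): the rule described in the Overview, where the last message is left out of a crash report when `format_status/2` returns `{State, #{sensitive => true}}`. The module name `redact_demo`, the function `crash_line/4`, the log layout and the sample values are assumptions made for illustration.

```erlang
-module(redact_demo).
-export([crash_line/4, demo/0]).

%% Hypothetical stand-in for the check described in the PR; this is not the
%% code in couch_log_formatter. FmtState is the term that the crashed
%% process's format_status/2 callback returned.
crash_line(Name, Reason, _LastMsg, {State, #{sensitive := true}}) ->
    %% Marker present: leave the last message out and log only the state
    %% that format_status/2 already sanitized.
    fmt("gen_server ~p terminated with reason: ~p~n  state: ~p",
        [Name, Reason, State]);
crash_line(Name, Reason, LastMsg, FmtState) ->
    %% No marker, or `sensitive` is not exactly `true`: log everything.
    fmt("gen_server ~p terminated with reason: ~p~n"
        "  last msg: ~p~n  state: ~p",
        [Name, Reason, LastMsg, FmtState]).

fmt(Format, Args) ->
    lists:flatten(io_lib:format(Format, Args)).

%% Runs the three cases on constructed sample values and crashes with
%% badmatch if any of them behaves differently from what is described.
demo() ->
    Msg = {set_auth, <<"s3cret-token">>},
    State = [{url, "http://db.example.org/"}, {limit, 10}],
    Marked = crash_line(worker, badarg, Msg, {State, #{sensitive => true}}),
    Plain = crash_line(worker, badarg, Msg, State),
    Off = crash_line(worker, badarg, Msg, {State, #{sensitive => false}}),
    %% With the marker, the secret carried by the last message is absent.
    nomatch = string:find(Marked, "s3cret-token"),
    %% Without it, or with sensitive => false, the message is still logged.
    true = string:find(Plain, "s3cret-token") =/= nomatch,
    true = string:find(Off, "s3cret-token") =/= nomatch,
    ok.
```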
   
