This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 5397739d8b6da371d1d0815f8b2104a0cb173f80
Author: Alex Heneveld <[email protected]>
AuthorDate: Tue Sep 14 23:01:15 2021 +0100
only include 4 bytes (8 chars) of the md5 checksum
---
 .../org/apache/brooklyn/core/config/Sanitizer.java | 19 +++++++------------
 .../apache/brooklyn/core/config/SanitizerTest.java | 2 +-
 2 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/core/src/main/java/org/apache/brooklyn/core/config/Sanitizer.java b/core/src/main/java/org/apache/brooklyn/core/config/Sanitizer.java
index f123c20..e2e6c16 100644
--- a/core/src/main/java/org/apache/brooklyn/core/config/Sanitizer.java
+++ b/core/src/main/java/org/apache/brooklyn/core/config/Sanitizer.java
@@ -18,33 +18,27 @@
 */
 package org.apache.brooklyn.core.config;

-import com.google.common.reflect.TypeToken;
+import com.google.common.base.Predicate;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
 import java.io.ByteArrayInputStream;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import java.util.stream.Collectors;
 import org.apache.brooklyn.api.mgmt.ManagementContext;
 import org.apache.brooklyn.config.ConfigKey;
 import org.apache.brooklyn.core.server.BrooklynServerConfig;
 import org.apache.brooklyn.util.core.config.ConfigBag;
-
-import com.google.common.base.Predicate;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
 import org.apache.brooklyn.util.core.flags.TypeCoercions;
 import org.apache.brooklyn.util.core.osgi.Osgis;
-import org.apache.brooklyn.util.internal.BrooklynSystemProperties;
 import org.apache.brooklyn.util.internal.StringSystemProperty;
 import org.apache.brooklyn.util.stream.Streams;
 import org.apache.brooklyn.util.text.StringEscapes.BashStringEscapes;
 import org.apache.brooklyn.util.text.Strings;
-import org.osgi.framework.Bundle;
-import org.osgi.framework.ServiceReference;

 public final class Sanitizer {

@@ -145,7 +139,8 @@ public final class Sanitizer {
 }

 public static String suppress(Object value) {
- String md5Checksum = Streams.getMd5Checksum(new ByteArrayInputStream(("" + value).getBytes()));
+ // only include the first few chars so that malicious observers can't uniquely brute-force discover the source
+ String md5Checksum = Strings.maxlen(Streams.getMd5Checksum(new ByteArrayInputStream(("" + value).getBytes())), 8);
 return "<suppressed> (MD5 hash: " + md5Checksum + ")";
 }

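Review bot: The 8-character prefix kept in `suppress` is still 32 bits of an unsalted MD5 of the value, so the new comment overstates the protection: truncation makes a full-hash lookup ambiguous only for high-entropy values, whereas a short or dictionary-derived secret is still effectively confirmed by the prefix, and equal secrets under different keys still print the same tag. Consider wording the comment as `// 8 hex chars = 32 bits of unsalted MD5: enough to correlate values, not a confidentiality guarantee for guessable secrets`, and, if correlating tags across deployments is not a requirement, keying the digest with a per-deployment secret (HMAC) before truncating. Separately, `("" + value).getBytes()` uses the platform default charset, so the same secret can produce different prefixes on JVMs with different defaults; `getBytes(StandardCharsets.UTF_8)` (with the matching `java.nio.charset.StandardCharsets` import) would make the tag stable.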
diff --git a/core/src/test/java/org/apache/brooklyn/core/config/SanitizerTest.java b/core/src/test/java/org/apache/brooklyn/core/config/SanitizerTest.java
index 4b8e428..9b75034 100644
--- a/core/src/test/java/org/apache/brooklyn/core/config/SanitizerTest.java
+++ b/core/src/test/java/org/apache/brooklyn/core/config/SanitizerTest.java
@@ -84,7 +84,7 @@ public class SanitizerTest {
 " allowedOnNewLine"
 )), Strings.lines(
 "public: password",
- "private: <suppressed> (MD5 hash: " + hashPassword2 + ")",
+ "private: <suppressed> (MD5 hash: " + hashPassword2.substring(0, 8) + ")",
 "private: ",
 " allowedOnNewLine"
 ));
