[jira] [Updated] (CASSANDRA-20208) audit_logging_options parameters are not sanitized when loaded from a configuration file on startup

[Stefan Miklosovic (Jira)]

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-20208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Miklosovic updated CASSANDRA-20208:
------------------------------------------
          Fix Version/s: 4.1.8
                         5.0.3
                         5.1
                             (was: 5.x)
                             (was: 4.1.x)
                             (was: 5.0.x)
          Since Version: 4.0.0
    Source Control Link: 
https://github.com/apache/cassandra/commit/f66183a711dd440b3619a960ba4e5444c1c900ff
             Resolution: Fixed
                 Status: Resolved  (was: Ready to Commit)

> audit_logging_options parameters are not sanitized when loaded from a 
> configuration file on startup
> ---------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-20208
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20208
>             Project: Apache Cassandra
>          Issue Type: Bug
>          Components: Observability/Logging
>            Reporter: Dmitry Konstantinov
>            Assignee: Stefan Miklosovic
>            Priority: Normal
>             Fix For: 4.1.8, 5.0.3, 5.1
>
>         Attachments: audit_filtering_state.png
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> based on the discussion in 
> [https://lists.apache.org/thread/3whc30bqfcr1vgwv73zwlv74l2v3c0gt]
> a configuration like this:
> {code:java}
> audit_logging_options:
>   enabled: true
>   logger:
>     - class_name: FileAuditLogger
>   included_categories: DCL, ERROR, AUTH {code}
> is not sanitized when it is loaded on startup from cassandra.yaml file - 
> spaces here are remaining: " ERROR", " AUTH" after parsing. As a result the 
> audit logs filtering works not in a way as a user may expect and it is hard 
> to troubleshoot:
> !audit_filtering_state.png|width=400!
> When we run nodetool enableauditlog the following logic is invoked: 
> [https://github.com/apache/cassandra/blob/cassandra-4.1.7/src/java/org/apache/cassandra/service/StorageService.java#L6459]
>  which rebuild AuditLogOptions using builder API.AuditLogOption.build() has 
> sanitisation logic which does the trimming: 
> [https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/audit/AuditLogOptions.java#L235]
>  
> org.apache.cassandra.config.Config#audit_logging_options is created a generic 
> reflective code which does not use the builder, so there is no trimming 
> during a startup.
> It can be fixed by adding sanitisation during the startup parsing too to make 
> the behaviour more consistent and less error prone.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org