lujiefsi commented on issue #8854:
URL: https://github.com/apache/cloudstack/issues/8854#issuecomment-2042446303

   I understand his explanation roughly. First, he provided this link:

   https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/plugins/outofbandmanagement-drivers/ipmitool/src/main/java/org/apache/cloudstack/outofbandmanagement/driver/ipmitool/IpmitoolWrapper.java#L175

   This is to demonstrate that CloudStack is careful to remove sensitive information even from trace-level logs.

   Next, he referenced this link:

   https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L637

   This suggests that the 'job' variable is sensitive because of the code `StringUtils.cleanString(job.toString())`, where `StringUtils.cleanString` is used to scrub passwords, indicating that 'job' contains sensitive information like passwords. However, this subsequent piece of code:

   https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L647

   logs the 'job' at the trace level. Given the precedent that CloudStack removes sensitive information from trace logs, and since there's an earlier statement to clean sensitive info from the job, he suggests that the logging at:

   https://github.com/apache/cloudstack/blob/2959cc67652381e3a39b298e674a0bced5002337/framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java#L647

   might be problematic.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
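
The inconsistency discussed in the comment above (one log statement scrubs `job` with `StringUtils.cleanString`, another logs it raw at trace level) can be checked for mechanically. The following Python check is an added example, not part of the original comment or of CloudStack; the Java fragment and the function name `find_unscrubbed_logs` are constructed for illustration.

```python
import re

# Constructed Java fragment illustrating the pattern under discussion; it is
# NOT the code at the linked AsyncJobManagerImpl lines.
SAMPLE_JAVA = '''\
if (logger.isDebugEnabled()) {
    logger.debug("Schedule queued job: " + StringUtils.cleanString(job.toString()));
}
logger.info("Job id " + job.getId() + " accepted");
if (logger.isTraceEnabled()) {
    logger.trace("Unable to schedule job: " + job);
}
logger.trace("Host " + host + " is up");
'''

LOG_CALL = re.compile(r'\b\w+\.(trace|debug|info|warn|error)\((.*)\);')
STRING_LIT = re.compile(r'"(?:[^"\\]|\\.)*"')
CLEAN_CALL = re.compile(r'StringUtils\.cleanString\(\s*(\w+)(?:\.toString\(\))?\s*\)')


def find_unscrubbed_logs(java_source):
    """Return (line_no, level, variable) for each log call that prints a
    variable raw although another statement scrubs it with cleanString."""
    lines = java_source.splitlines()
    # Pass 1: a variable wrapped in cleanString anywhere is treated as sensitive.
    sensitive = set()
    for line in lines:
        sensitive.update(CLEAN_CALL.findall(STRING_LIT.sub('', line)))
    # Pass 2: look for log calls that use such a variable outside cleanString.
    findings = []
    for no, line in enumerate(lines, 1):
        call = LOG_CALL.search(line)
        if not call:
            continue
        level, args = call.group(1), call.group(2)
        # Drop string literals and already-scrubbed uses before matching.
        args = CLEAN_CALL.sub('', STRING_LIT.sub('', args))
        for var in sorted(sensitive):
            # Bare use or .toString() counts; field access like job.getId() does not.
            raw_use = re.compile(rf'\b{re.escape(var)}\b(?!\.(?!toString\(\)))')
            if raw_use.search(args):
                findings.append((no, level, var))
    return findings


if __name__ == '__main__':
    for no, level, var in find_unscrubbed_logs(SAMPLE_JAVA):
        print(f"line {no}: logger.{level}() prints '{var}' without cleanString")
```

The check is line-based, so it only sees log calls written on a single line and treats variable names as file-wide rather than scope-aware.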
