GabrielBrascher commented on a change in pull request #4387:
URL: https://github.com/apache/cloudstack/pull/4387#discussion_r504755098
##########
File path:
framework/jobs/src/main/java/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
##########
@@ -475,14 +475,14 @@ public AsyncJob queryJob(final long jobId, final boolean
updatePollTime) {
return job;
}
- private String obfuscatePassword(String result, boolean hidePassword) {
+ public String obfuscatePassword(String result, boolean hidePassword) {
if (hidePassword) {
String pattern = "\"password\":";
if (result != null) {
if (result.contains(pattern)) {
String[] resp = result.split(pattern);
String psswd = resp[1].toString().split(",")[0];
- result = resp[0] + pattern +
psswd.replace(psswd.substring(2, psswd.length() - 1), "*****") + "," +
resp[1].split(",", 2)[1];
+ result = resp[0] + pattern +
psswd.replace(psswd.substring(2, psswd.length() - 1), "*****\"") + "," +
resp[1].split(",", 2)[1];
Review comment:
I am not sure if replacing the password with `****` would then affect
the intention of the password response.
I think that the idea was to offer admins a hint on the password.
But that is good to keep in mind, thanks for the heads up @rhtyd. What do
you think @DaanHoogland?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
