This is an automated email from the ASF dual-hosted git repository.
gian pushed a commit to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.22.1 by this push:
new 8021357 Do not log sensitive property value if JsonConfigurator fails
to parse (#11787)
8021357 is described below
commit 802135760270700ef6bf1c26a84c2f28743d0bcf
Author: Kashif Faraz <[email protected]>
AuthorDate: Sat Oct 9 09:59:03 2021 +0530
Do not log sensitive property value if JsonConfigurator fails to parse
(#11787)
* Do not log property value if JsonConfigurator fails to parse
* Add comment to explain log change
* Fix log language
---
core/src/main/java/org/apache/druid/guice/JsonConfigurator.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/apache/druid/guice/JsonConfigurator.java
b/core/src/main/java/org/apache/druid/guice/JsonConfigurator.java
index d0db1e2..e055396 100644
--- a/core/src/main/java/org/apache/druid/guice/JsonConfigurator.java
+++ b/core/src/main/java/org/apache/druid/guice/JsonConfigurator.java
@@ -100,7 +100,9 @@ public class JsonConfigurator
value = jsonMapper.readValue(modifiedPropValue, Object.class);
}
catch (IOException e) {
- log.info(e, "Unable to parse [%s]=[%s] as a json object, using as
is.", prop, propValue);
+ // Do not log exception message or the property value as it might
+ // expose sensitive information
+ log.info("Unable to parse value of property [%s] as a json object,
using as is.", prop);
value = propValue;
}
hieraricalPutValue(propertyPrefix, prop,
prop.substring(propertyBase.length()), value, jsonMap);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
