IGNITE-4537 - Filter possible sensitive user data that might be set in system properties to send in update notifier.
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/9c401b0d Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/9c401b0d Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/9c401b0d Branch: refs/heads/ignite-1.9 Commit: 9c401b0dcfc6edb5cc83f6b35bc0d24db6f10347 Parents: 607f4eb Author: dkarachentsev <[email protected]> Authored: Tue Jan 24 16:40:54 2017 +0300 Committer: dkarachentsev <[email protected]> Committed: Fri Feb 3 12:06:13 2017 +0300 ---------------------------------------------------------------------- .../apache/ignite/IgniteSystemProperties.java | 32 ++++++++++++++++++++ .../processors/cluster/GridUpdateNotifier.java | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/9c401b0d/modules/core/src/main/java/org/apache/ignite/IgniteSystemProperties.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/IgniteSystemProperties.java b/modules/core/src/main/java/org/apache/ignite/IgniteSystemProperties.java index bf51c34..f027098 100644 --- a/modules/core/src/main/java/org/apache/ignite/IgniteSystemProperties.java +++ b/modules/core/src/main/java/org/apache/ignite/IgniteSystemProperties.java @@ -23,6 +23,7 @@ import java.util.Iterator; import java.util.Map; import java.util.Properties; import javax.net.ssl.HostnameVerifier; +import org.apache.ignite.lang.IgnitePredicate; import org.apache.ignite.marshaller.optimized.OptimizedMarshaller; import org.jetbrains.annotations.Nullable; @@ -526,6 +527,15 @@ public final class IgniteSystemProperties { */ public static final String IGNITE_UNWRAP_BINARY_FOR_INDEXING_SPI = "IGNITE_UNWRAP_BINARY_FOR_INDEXING_SPI"; + /** Returns true for system properties only avoiding sending sensitive information. */ + private static final IgnitePredicate<Map.Entry<String, String>> PROPS_FILTER = new IgnitePredicate<Map.Entry<String, String>>() { + @Override public boolean apply(final Map.Entry<String, String> entry) { + final String key = entry.getKey(); + + return key.startsWith("java.") || key.startsWith("os.") || key.startsWith("user."); + } + }; + /** * Enforces singleton. */ @@ -699,4 +709,26 @@ public final class IgniteSystemProperties { return sysProps; } + + /** + * Does the same as {@link #snapshot()} but filters out + * possible sensitive user data. + * + * @return Snapshot of system properties. + */ + @SuppressWarnings("unchecked") + public static Properties safeSnapshot() { + final Properties props = snapshot(); + + final Iterator<Map.Entry<Object, Object>> iter = props.entrySet().iterator(); + + while (iter.hasNext()) { + final Map.Entry entry = iter.next(); + + if (!PROPS_FILTER.apply(entry)) + iter.remove(); + } + + return props; + } } http://git-wip-us.apache.org/repos/asf/ignite/blob/9c401b0d/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java index 592fdd1..5b2edcd 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cluster/GridUpdateNotifier.java @@ -169,7 +169,7 @@ class GridUpdateNotifier { StringWriter sw = new StringWriter(); try { - IgniteSystemProperties.snapshot().store(new PrintWriter(sw), ""); + IgniteSystemProperties.safeSnapshot().store(new PrintWriter(sw), ""); } catch (IOException ignore) { return null;
