[
https://issues.apache.org/jira/browse/HADOOP-17618?focusedWorklogId=575356&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-575356
]
ASF GitHub Bot logged work on HADOOP-17618:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 01/Apr/21 07:15
Start Date: 01/Apr/21 07:15
Worklog Time Spent: 10m
Work Description: vinaysbadami commented on a change in pull request
#2845:
URL: https://github.com/apache/hadoop/pull/2845#discussion_r605424939
##########
File path:
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsHttpOperation.java
##########
@@ -558,6 +560,24 @@ public String getSignatureMaskedEncodedUrl() {
return this.maskedEncodedUrl;
}
+ public void maskSASObjectIDs() {
+ int oidStartIdx, ampIdx, oidEndIndex, qpStrIdx;
+ for (String qpKey : SAS_OID_PARAM_KEYS) {
+ qpStrIdx = maskedUrl.indexOf('&' + qpKey);
Review comment:
this.maskedUrl to be consistent with rest of file
##########
File path:
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsHttpOperation.java
##########
@@ -558,6 +560,24 @@ public String getSignatureMaskedEncodedUrl() {
return this.maskedEncodedUrl;
}
+ public void maskSASObjectIDs() {
+ int oidStartIdx, ampIdx, oidEndIndex, qpStrIdx;
+ for (String qpKey : SAS_OID_PARAM_KEYS) {
+ qpStrIdx = maskedUrl.indexOf('&' + qpKey);
+ if (qpStrIdx == -1) {
+ qpStrIdx = maskedUrl.indexOf('?' + qpKey);
+ if (qpStrIdx == -1) {
+ continue;
+ }
+ }
+ oidStartIdx = qpStrIdx + qpKey.length() + 1;
+ ampIdx = maskedUrl.indexOf("&", oidStartIdx);
+ oidEndIndex = (ampIdx != -1) ? ampIdx : maskedUrl.length();
+ maskedUrl = maskedUrl.substring(0, oidStartIdx + 5) + "XXXX" + maskedUrl
+ .substring(oidEndIndex);
+ }
Review comment:
should we move all the masking logic to a single static method that
takes a string and returns a masked string
that will make testing easier.
Also should we look at this method in a utils class to keep this class
cleaner
##########
File path:
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsHttpOperation.java
##########
@@ -558,6 +560,24 @@ public String getSignatureMaskedEncodedUrl() {
return this.maskedEncodedUrl;
}
+ public void maskSASObjectIDs() {
+ int oidStartIdx, ampIdx, oidEndIndex, qpStrIdx;
Review comment:
move to point of first use
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 575356)
Time Spent: 1h 10m (was: 1h)
> ABFS: Partially obfuscate SAS object IDs in Logs
> ------------------------------------------------
>
> Key: HADOOP-17618
> URL: https://issues.apache.org/jira/browse/HADOOP-17618
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.3.1
> Reporter: Sumangala Patki
> Assignee: Sumangala Patki
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Delegation SAS tokens are created using various parameters for specifying
> details such as permissions and validity. The requests are logged, along with
> values of all the query parameters. This change will partially mask values
> logged for the following object IDs representing the security principal:
> skoid, saoid, suoid
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
