Aled Sage created BROOKLYN-405:
----------------------------------

             Summary: Passwords in environment variables logged by brooklyn.SSH debug
                 Key: BROOKLYN-405
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-405
             Project: Brooklyn
          Issue Type: Bug
            Reporter: Aled Sage


In Brooklyn 0.10.0-SNAPSHOT

Passwords that are set in {{shell.env}} (and thus passed into {{check-running}} 
etc) are being logged in plain-text.

Admittedly I'm not using an external credential store, but I suspect that even 
if I were, this would still happen.

We should be calling {{Sanitizer.sanitize(env)}} for our logging.

{noformat}
2016-11-30 11:25:43,520 DEBUG 117 b.SSH [ger-Lh7ezXs6-213] check-running VanillaSoftwareProcessImpl{id=enztuvtelc}, initiating ssh on machine SshMachineLocation[10.104.0.67:amp@10.104.0.67/10.104.0.67:22(id=l409fq0xsa)] (env {ADMIN_PASSWORD=GoXcLbqo6Oxg, DB_USER=micro-user, ADMIN_USER=admin, DB_URL=mysql://10.104.0.68:3306/, DB_PASSWORD=tZdPPP9tBSfRTrt, HOST_ADDRESS=10.104.0.67, PID_FILE=/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc/pid.txt}):
 #!/bin/bash -e
 ; export INSTALL_DIR="/home/users/amp/brooklyn-managed-processes/installs/VanillaSoftwareProcess_0.0.0_bFlJaB"
 ; export RUN_DIR="/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc"
 ; mkdir -p $RUN_DIR ; cd $RUN_DIR ; counter=`wget -T 15 -q -O- ${HOST_ADDRESS}:8080/health --http-user=${ADMIN_USER} --http-password=${ADMIN_PASSWORD} | grep -c "status.:.UP"`
if [ $counter -eq 0 ]; then 
  exit 1;
fi
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
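
The fix proposed in the report, masking secret-bearing values before the env map reaches the debug log, as an added example that is not Brooklyn's own `Sanitizer` code. The class name `EnvLogSanitizer`, the marker list and all sample values are assumptions constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Hypothetical helper for illustration; not Brooklyn's Sanitizer class.
public class EnvLogSanitizer {
    // Assumed substrings that mark a variable name as secret-bearing.
    private static final List<String> SECRET_MARKERS =
            List.of("password", "passwd", "secret", "credential", "token", "private", "key");
    // Fixed-length mask so the log does not reveal the secret's length.
    private static final String MASK = "xxxxxxxx";

    static boolean isSecretName(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        return SECRET_MARKERS.stream().anyMatch(lower::contains);
    }

    // Mask a password embedded in a URL value, e.g. scheme://user:pass@host/.
    // A host:port pair is left alone because no '@' follows it.
    static String maskUrlUserInfo(String value) {
        if (value == null) return null;
        return value.replaceAll("(?<=://)([^/@:\\s]+):[^/@\\s]+@", "$1:" + MASK + "@");
    }

    // Returns a copy that is safe to log. The caller keeps passing the
    // original, unmodified map to the remote shell.
    static Map<String, String> sanitize(Map<String, String> env) {
        Map<String, String> safe = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : env.entrySet()) {
            safe.put(e.getKey(),
                    isSecretName(e.getKey()) ? MASK : maskUrlUserInfo(e.getValue()));
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample env, shaped like the one in the report.
        Map<String, String> env = new LinkedHashMap<>();
        env.put("ADMIN_USER", "admin");
        env.put("ADMIN_PASSWORD", "example-admin-pw");
        env.put("DB_URL", "mysql://db.example.invalid:3306/");
        env.put("DB_PASSWORD", "example-db-pw");
        env.put("BACKUP_URL", "ftp://backup:example-ftp-pw@files.example.invalid/");
        // Log the sanitized copy, never the map itself.
        System.out.println("initiating ssh (env " + sanitize(env) + ")");
    }
}
```

Name-based masking only catches variables whose names look like secrets; a secret stored under a neutral name, or interpolated directly into the script body, still needs the value to come from a source the logger treats as sensitive.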
