[ 
https://issues.apache.org/jira/browse/BROOKLYN-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711758#comment-15711758
 ] 

ASF GitHub Bot commented on BROOKLYN-405:
-----------------------------------------

GitHub user aledsage opened a pull request:

    https://github.com/apache/brooklyn-server/pull/475

    BROOKLYN-405: ssh doesn't log password environment variables

    First commit just tidies up tests (allowing more of them to run as unit tests).
    
    Second commit actually changes non-test code.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/aledsage/brooklyn-server BROOKLYN-405

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/brooklyn-server/pull/475.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #475
    
----
commit e5b40cc1866854d8966099c26ea44a62cd9c3196
Author: Aled Sage <aled.s...@gmail.com>
Date:   2016-12-01T08:26:56Z

    SshMachineLocationTest: make non-integration
    
    * Uses RecordingSshTool
    * Moves integration tests into SshMachineLocationIntegrationTest
    * Changes SshMachineLocationIntegrationTest to extend 
      SshMachineLocationTest.

commit 0e509420c052534a0378adc3b3b94b24ef0898ac
Author: Aled Sage <aled.s...@gmail.com>
Date:   2016-12-01T08:50:22Z

    BROOKLYN-405: ssh doesn't log password environment variables

----


> Passwords in environment variables logged by brooklyn.SSH debug
> ---------------------------------------------------------------
>
>                 Key: BROOKLYN-405
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-405
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Aled Sage
>
> In Brooklyn 0.10.0-SNAPSHOT
> Passwords that are set in {{shell.env}} (and thus passed into 
> {{check-running}} etc) are being logged in plain-text.
> Admittedly I'm not using an external credential store, but I suspect that 
> even if I was then this would still happen.
> We should be calling {{Sanitizer.sanitize(env)}} for our logging.
> {noformat}
> 2016-11-30 11:25:43,520 DEBUG 117 b.SSH [ger-Lh7ezXs6-213] check-running 
> VanillaSoftwareProcessImpl{id=enztuvtelc}, initiating ssh on machine 
> SshMachineLocation[10.104.0.67:amp@10.104.0.67/10.104.0.67:22(id=l409fq0xsa)] 
> (env {ADMIN_PASSWORD=GoXcLbqo6Oxg, DB_USER=micro-user, ADMIN_USER=admin, 
> DB_URL=mysql://10.104.0.68:3306/, DB_PASSWORD=tZdPPP9tBSfRTrt, 
> HOST_ADDRESS=10.104.0.67, 
> PID_FILE=/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc/pid.txt}):
>  #!/bin/bash -e
>  ; export 
> INSTALL_DIR="/home/users/amp/brooklyn-managed-processes/installs/VanillaSoftwareProcess_0.0.0_bFlJaB"
>  ; export 
> RUN_DIR="/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc"
>  ; mkdir -p $RUN_DIR ; cd $RUN_DIR ; counter=`wget -T 15 -q -O- 
> ${HOST_ADDRESS}:8080/health --http-user=${ADMIN_USER} 
> --http-password=${ADMIN_PASSWORD} | grep -c "status.:.UP"`
> if [ $counter -eq 0 ]; then 
>   exit 1;
> fi
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
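
The fix the report asks for, masking secret-looking environment entries before they reach the debug log, sketched as an added example; this is not code from the pull request or from Brooklyn's own `Sanitizer`. The class name `EnvLogSanitizer`, the marker list and the sample values are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Added illustration; hypothetical class, not Brooklyn's Sanitizer. */
public class EnvLogSanitizer {
    // Assumed marker list: key-name fragments that mark a value as secret.
    private static final List<String> SECRET_MARKERS =
            List.of("password", "passwd", "credential", "secret", "private", "access.key", "token");

    static boolean isSecretKey(String key) {
        if (key == null) return false;
        // Normalise so ADMIN_PASSWORD, admin-password and admin.password all match.
        String k = key.toLowerCase(Locale.ROOT).replace('_', '.').replace('-', '.');
        return SECRET_MARKERS.stream().anyMatch(k::contains);
    }

    /** Returns a copy that is safe to log; the caller's map is left untouched. */
    static Map<String, Object> sanitize(Map<String, ?> env) {
        Map<String, Object> safe = new LinkedHashMap<>();
        if (env == null) return safe;
        for (Map.Entry<String, ?> e : env.entrySet()) {
            safe.put(e.getKey(), isSecretKey(e.getKey()) ? "xxxxxxxx" : e.getValue());
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample env: key names as in the reported log line, placeholder values.
        Map<String, Object> env = new LinkedHashMap<>();
        env.put("ADMIN_PASSWORD", "example-admin-pw");
        env.put("DB_USER", "micro-user");
        env.put("DB_URL", "mysql://db.example:3306/");
        env.put("DB_PASSWORD", "example-db-pw");
        env.put("HOST_ADDRESS", "192.0.2.10");

        // Log only the sanitized copy; the real env still goes to the ssh session.
        System.out.println("initiating ssh (env " + sanitize(env) + ")");

        // The original map must keep the real values for the remote command.
        if (!"example-admin-pw".equals(env.get("ADMIN_PASSWORD"))) {
            throw new AssertionError("original env must stay intact");
        }
    }
}
```

Key-name matching does not catch a secret embedded in a value, such as a connection URL that carries credentials, so those need separate handling.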
