[ https://issues.apache.org/jira/browse/BROOKLYN-405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711758#comment-15711758 ]
ASF GitHub Bot commented on BROOKLYN-405: ----------------------------------------- GitHub user aledsage opened a pull request: https://github.com/apache/brooklyn-server/pull/475 BROOKLYN-405: ssh doesn't log password environment variables First commit just tidies up tests (allowing more of them to run as unit tests). Second commit actually changes non-test code. You can merge this pull request into a Git repository by running: $ git pull https://github.com/aledsage/brooklyn-server BROOKLYN-405 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/brooklyn-server/pull/475.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #475 ---- commit e5b40cc1866854d8966099c26ea44a62cd9c3196 Author: Aled Sage <aled.s...@gmail.com> Date: 2016-12-01T08:26:56Z SshMachineLocationTest: make non-integration * Uses RecordingSshTool * Moves integration tests into SshMachineLocationIntegrationTest * Changes SshMachineLocationIntegrationTest to extends SshMachineLocationTest. commit 0e509420c052534a0378adc3b3b94b24ef0898ac Author: Aled Sage <aled.s...@gmail.com> Date: 2016-12-01T08:50:22Z BROOKLYN-405: ssh doesn't log password environment variables ---- > Passwords in environment variables logged by brooklyn.SSH debug > --------------------------------------------------------------- > > Key: BROOKLYN-405 > URL: https://issues.apache.org/jira/browse/BROOKLYN-405 > Project: Brooklyn > Issue Type: Bug > Reporter: Aled Sage > > In Brooklyn 0.10.0-SNAPSHOT > Passwords that are set in {{shell.env}} (and thus passed into > {{check-running}} etc) are being logged in plain-text. > Admittedly I'm not using an external credential store, but I suspect that > even if I was then this would still happen. > We should be calling {{Sanitizer.sanitize(env)}} for our logging. > {noformat} > 2016-11-30 11:25:43,520 DEBUG 117 b.SSH [ger-Lh7ezXs6-213] check-running > VanillaSoftwareProcessImpl{id=enztuvtelc}, initiating ssh on machine > SshMachineLocation[10.104.0.67:amp@10.104.0.67/10.104.0.67:22(id=l409fq0xsa)] > (env {ADMIN_PASSWORD=GoXcLbqo6Oxg, DB_USER=micro-user, ADMIN_USER=admin, DB_UR > L=mysql://10.104.0.68:3306/, DB_PASSWORD=tZdPPP9tBSfRTrt, > HOST_ADDRESS=10.104.0.67, > PID_FILE=/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc/pid.txt}): > #!/bin/bash -e > ; export > INSTALL_DIR="/home/users/amp/brooklyn-managed-processes/installs/VanillaSoftwareProcess_0.0.0_bFlJaB" > ; export > RUN_DIR="/home/users/amp/brooklyn-managed-processes/apps/bv6tlh58aw/entities/VanillaSoftwareProcess_enztuvtelc" > ; mkdir -p $RUN_DIR ; cd $RUN_DIR ; counter=`wget -T 15 -q -O- ${ > HOST_ADDRESS}:8080/health --http-user=${ADMIN_USER} > --http-password=${ADMIN_PASSWORD} | grep -c "status.:.UP"` > if [ $counter -eq 0 ]; then > exit 1; > fi > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)