Github user remibergsma commented on the pull request:

    https://github.com/apache/cloudstack/pull/1055#issuecomment-155412998
  
    @DaanHoogland sent me the below patch the other day and I ran some tests on 
it. Just FYI the results (he rebased later and made a PR). The commit hash 
obviously doesn't match as it was my temp patch apply commit.
    
    The patch I tested:
    ```
    commit cad68778d8714a5359e3fa79a33d05206e032fea
    Author: root <r...@cs1.cloud.lan>
    Date:   Mon Nov 9 12:40:36 2015 +0000
    
       private key security fix received from Daan
    
    diff --git 
a/api/src/org/apache/cloudstack/api/command/admin/resource/UploadCustomCertificateCmd.java
 
b/api/src/org/apache/cloudstack/api/command/admin/resource/UploadCustomCertificateCmd.java
    index e11876a..e8d6cc5 100644
    --- 
a/api/src/org/apache/cloudstack/api/command/admin/resource/UploadCustomCertificateCmd.java
    +++ 
b/api/src/org/apache/cloudstack/api/command/admin/resource/UploadCustomCertificateCmd.java
    @@ -32,7 +32,7 @@ import com.cloud.user.Account;
     @APICommand(name = "uploadCustomCertificate",
                 responseObject = CustomCertificateResponse.class,
                 description = "Uploads a custom certificate for the console 
proxy VMs to use for SSL. Can be used to upload a single certificate signed by 
a known CA. Can also be used, through mu
    -            requestHasSensitiveInfo = false, responseHasSensitiveInfo = 
false)
    +            requestHasSensitiveInfo = true, responseHasSensitiveInfo = 
false)
     public class UploadCustomCertificateCmd extends BaseAsyncCmd {
         public static final Logger s_logger = 
Logger.getLogger(UploadCustomCertificateCmd.class.getName());
     
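Review bot: the changed annotation line sets requestHasSensitiveInfo = true but nothing in this hunk says which request parameter is the sensitive one; only the commit subject mentions a private key. A short comment above @APICommand naming the private key parameter would record why requests to uploadCustomCertificate have to be kept out of logs, and a more specific commit subject than "private key security fix received from Daan" would help anyone reading the history later.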
    diff --git a/utils/src/main/java/com/cloud/utils/StringUtils.java 
b/utils/src/main/java/com/cloud/utils/StringUtils.java
    index c598be8..71cebe1 100644
    --- a/utils/src/main/java/com/cloud/utils/StringUtils.java
    +++ b/utils/src/main/java/com/cloud/utils/StringUtils.java
    @@ -186,7 +186,7 @@ public class StringUtils {
         private static final Pattern REGEX_PASSWORD_QUERYSTRING = 
Pattern.compile("(&|%26)?[^(&|%26)]*((p|P)assword|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]|$))");
     
         // removes a password/accesskey/ property from a response json object
    -    private static final Pattern REGEX_PASSWORD_JSON = 
Pattern.compile("\"((p|P)assword|accesskey|secretkey)\":\\s?\".*?\",?");
    +    private static final Pattern REGEX_PASSWORD_JSON = 
Pattern.compile("\"((p|P)assword|privatekey|accesskey|secretkey)\":\\s?\".*?\",?");
     
         private static final Pattern REGEX_PASSWORD_DETAILS = 
Pattern.compile("(&|%26)?details(\\[|%5B)\\d*(\\]|%5D)\\.key(=|%3D)((p|P)assword|accesskey|secretkey)(?=(%26|[&'\"]))");
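Review bot: privatekey is added only to REGEX_PASSWORD_JSON, while REGEX_PASSWORD_QUERYSTRING and REGEX_PASSWORD_DETAILS, both visible as context in this hunk, still match only (p|P)assword|accesskey|secretkey, so a privatekey sent as a query-string parameter or as a details[n].key entry is not covered by those two patterns. Since the other hunk marks the request of uploadCustomCertificate as sensitive, consider adding privatekey to both of those alternations too, and update the comment "removes a password/accesskey/ property from a response json object" so it lists the new key.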
    ```
    
    Tests:
    
    ```
    nosetests --with-marvin --marvin-config=${marvinCfg} -s -a tags=advanced,required_hardware=true \
    component/test_vpc_redundant.py \
    component/test_routers_iptables_default_policy.py \
    component/test_routers_network_ops.py \
    component/test_vpc_router_nics.py \
    smoke/test_loadbalance.py \
    smoke/test_internal_lb.py \
    smoke/test_ssvm.py \
    smoke/test_network.py
    ```
    Result:
    ```
    [root@cs1 MarvinLogs]# cat test_network_XFGU4E/results.txt 
    Create a redundant VPC with two networks with two VMs in each network ... === TestName: test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL | Status : SUCCESS ===
    ok
    Create a redundant VPC with two networks with two VMs in each network and check default routes ... === TestName: test_02_redundant_VPC_default_routes | Status : SUCCESS ===
    ok
    Test iptables default INPUT/FORWARD policy on RouterVM ... === TestName: test_02_routervm_iptables_policies | Status : SUCCESS ===
    ok
    Test iptables default INPUT/FORWARD policies on VPC router ... === TestName: test_01_single_VPC_iptables_policies | Status : SUCCESS ===
    ok
    Stop existing router, add a PF rule and check we can access the VM ... === TestName: test_isolate_network_FW_PF_default_routes | Status : SUCCESS ===
    ok
    Test redundant router internals ... === TestName: test_RVR_Network_FW_PF_SSH_default_routes | Status : SUCCESS ===
    ok
    Create a VPC with two networks with one VM in each network and test nics after destroy ... === TestName: test_01_VPC_nics_after_destroy | Status : SUCCESS ===
    ok
    Create a VPC with two networks with one VM in each network and test default routes ... === TestName: test_02_VPC_default_routes | Status : SUCCESS ===
    ok
    Check the password file in the Router VM ... === TestName: test_isolate_network_password_server | Status : SUCCESS ===
    ok
    Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs ... === TestName: test_router_dhcphosts | Status : SUCCESS ===
    ok
    Test to create Load balancing rule with source NAT ... === TestName: test_01_create_lb_rule_src_nat | Status : SUCCESS ===
    ok
    Test to create Load balancing rule with non source NAT ... === TestName: test_02_create_lb_rule_non_nat | Status : SUCCESS ===
    ok
    Test for assign & removing load balancing rule ... === TestName: test_assign_and_removal_lb | Status : SUCCESS ===
    ok
    Test to verify access to loadbalancer haproxy admin stats page ... === TestName: test02_internallb_haproxy_stats_on_all_interfaces | Status : SUCCESS ===
    ok
    Test create, assign, remove of an Internal LB with roundrobin http traffic to 3 vm's ... === TestName: test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | Status : SUCCESS ===
    ok
    Test SSVM Internals ... === TestName: test_03_ssvm_internals | Status : SUCCESS ===
    ok
    Test CPVM Internals ... === TestName: test_04_cpvm_internals | Status : SUCCESS ===
    ok
    Test stop SSVM ... === TestName: test_05_stop_ssvm | Status : SUCCESS ===
    ok
    Test stop CPVM ... === TestName: test_06_stop_cpvm | Status : SUCCESS ===
    ok
    Test reboot SSVM ... === TestName: test_07_reboot_ssvm | Status : SUCCESS ===
    ok
    Test reboot CPVM ... === TestName: test_08_reboot_cpvm | Status : SUCCESS ===
    ok
    Test destroy SSVM ... === TestName: test_09_destroy_ssvm | Status : SUCCESS ===
    ok
    Test destroy CPVM ... === TestName: test_10_destroy_cpvm | Status : SUCCESS ===
    ok
    Test for port forwarding on source NAT ... === TestName: test_01_port_fwd_on_src_nat | Status : SUCCESS ===
    ok
    Test for port forwarding on non source NAT ... === TestName: test_02_port_fwd_on_non_src_nat | Status : SUCCESS ===
    ok
    Test for reboot router ... === TestName: test_reboot_router | Status : SUCCESS ===
    ok
    Test for Router rules for network rules on acquired public IP ... === TestName: test_network_rules_acquired_public_ip_1_static_nat_rule | Status : SUCCESS ===
    ok
    Test for Router rules for network rules on acquired public IP ... === TestName: test_network_rules_acquired_public_ip_2_nat_rule | Status : SUCCESS ===
    ok
    Test for Router rules for network rules on acquired public IP ... === TestName: test_network_rules_acquired_public_ip_3_Load_Balancer_Rule | Status : SUCCESS ===
    ok
    ----------------------------------------------------------------------
    Ran 29 tests in 12467.478s
    OK
    ```
    And:
    ```
    nosetests --with-marvin --marvin-config=${marvinCfg} -s -a tags=advanced,required_hardware=false \
    smoke/test_routers.py \
    smoke/test_network_acl.py \
    smoke/test_privategw_acl.py \
    smoke/test_reset_vm_on_reboot.py \
    smoke/test_vm_life_cycle.py \
    smoke/test_vpc_vpn.py \
    smoke/test_service_offerings.py \
    component/test_vpc_offerings.py \
    component/test_vpc_routers.py
    ```
    Result:
    ```
    [root@cs1 MarvinLogs]# cat test_vpc_routers_BFJ8KP/results.txt 
    Test router internal advanced zone ... === TestName: test_02_router_internal_adv | Status : SUCCESS ===
    ok
    Test restart network ... === TestName: test_03_restart_network_cleanup | Status : SUCCESS ===
    ok
    Test router basic setup ... === TestName: test_05_router_basic | Status : SUCCESS ===
    ok
    Test router advanced setup ... === TestName: test_06_router_advanced | Status : SUCCESS ===
    ok
    Test stop router ... === TestName: test_07_stop_router | Status : SUCCESS ===
    ok
    Test start router ... === TestName: test_08_start_router | Status : SUCCESS ===
    ok
    Test reboot router ... === TestName: test_09_reboot_router | Status : SUCCESS ===
    ok
    test_privategw_acl (integration.smoke.test_privategw_acl.TestPrivateGwACL) ... === TestName: test_privategw_acl | Status : SUCCESS ===
    ok
    Test reset virtual machine on reboot ... === TestName: test_01_reset_vm_on_reboot | Status : SUCCESS ===
    ok
    Test advanced zone virtual router ... === TestName: test_advZoneVirtualRouter | Status : SUCCESS ===
    ok
    Test Deploy Virtual Machine ... === TestName: test_deploy_vm | Status : SUCCESS ===
    ok
    Test Multiple Deploy Virtual Machine ... === TestName: test_deploy_vm_multiple | Status : SUCCESS ===
    ok
    Test Stop Virtual Machine ... === TestName: test_01_stop_vm | Status : SUCCESS ===
    ok
    Test Start Virtual Machine ... === TestName: test_02_start_vm | Status : SUCCESS ===
    ok
    Test Reboot Virtual Machine ... === TestName: test_03_reboot_vm | Status : SUCCESS ===
    ok
    Test destroy Virtual Machine ... === TestName: test_06_destroy_vm | Status : SUCCESS ===
    ok
    Test recover Virtual Machine ... === TestName: test_07_restore_vm | Status : SUCCESS ===
    ok
    Test migrate VM ... === TestName: test_08_migrate_vm | Status : SUCCESS ===
    ok
    Test destroy(expunge) Virtual Machine ... === TestName: test_09_expunge_vm | Status : SUCCESS ===
    ok
    Test to create service offering ... === TestName: test_01_create_service_offering | Status : SUCCESS ===
    ok
    Test to update existing service offering ... === TestName: test_02_edit_service_offering | Status : SUCCESS ===
    ok
    Test to delete service offering ... === TestName: test_03_delete_service_offering | Status : SUCCESS ===
    ok
    Test for delete account ... === TestName: test_delete_account | Status : SUCCESS ===
    ok
    Test for Associate/Disassociate public IP address for admin account ... === TestName: test_public_ip_admin_account | Status : SUCCESS ===
    ok
    Test for Associate/Disassociate public IP address for user account ... === TestName: test_public_ip_user_account | Status : SUCCESS ===
    ok
    Test for release public IP address ... === TestName: test_releaseIP | Status : SUCCESS ===
    ok
    Test create VPC offering ... === TestName: test_01_create_vpc_offering | Status : SUCCESS ===
    ok
    Test VPC offering without load balancing service ... === TestName: test_03_vpc_off_without_lb | Status : SUCCESS ===
    ok
    Test VPC offering without static NAT service ... === TestName: test_04_vpc_off_without_static_nat | Status : SUCCESS ===
    ok
    Test VPC offering without port forwarding service ... === TestName: test_05_vpc_off_without_pf | Status : SUCCESS ===
    ok
    Test VPC offering with invalid services ... === TestName: test_06_vpc_off_invalid_services | Status : SUCCESS ===
    ok
    Test update VPC offering ... === TestName: test_07_update_vpc_off | Status : SUCCESS ===
    ok
    Test list VPC offering ... === TestName: test_08_list_vpc_off | Status : SUCCESS ===
    ok
    test_09_create_redundant_vpc_offering (integration.component.test_vpc_offerings.TestVPCOffering) ... === TestName: test_09_create_redundant_vpc_offering | Status : SUCCESS ===
    ok
    Test start/stop of router after addition of one guest network ... === TestName: test_01_start_stop_router_after_addition_of_one_guest_network | Status : SUCCESS ===
    ok
    Test reboot of router after addition of one guest network ... === TestName: test_02_reboot_router_after_addition_of_one_guest_network | Status : SUCCESS ===
    ok
    Test to change service offering of router after addition of one guest network ... === TestName: test_04_chg_srv_off_router_after_addition_of_one_guest_network | Status : SUCCESS ===
    ok
    Test destroy of router after addition of one guest network ... === TestName: test_05_destroy_router_after_addition_of_one_guest_network | Status : SUCCESS ===
    ok
    Test to stop and start router after creation of VPC ... === TestName: test_01_stop_start_router_after_creating_vpc | Status : SUCCESS ===
    ok
    Test to reboot the router after creating a VPC ... === TestName: test_02_reboot_router_after_creating_vpc | Status : SUCCESS ===
    ok
    Tests to change service offering of the Router after ... === TestName: test_04_change_service_offerring_vpc | Status : SUCCESS ===
    ok
    Test to destroy the router after creating a VPC ... === TestName: test_05_destroy_router_after_creating_vpc | Status : SUCCESS ===
    ok
    ----------------------------------------------------------------------
    Ran 42 tests in 7929.631s
    OK
    ```

