[
https://issues.apache.org/jira/browse/OOZIE-1814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15528763#comment-15528763
]
Andras Piros edited comment on OOZIE-1814 at 9/28/16 7:49 AM:
--------------------------------------------------------------
Thanks :) My thoughts on that few thingies:
# OK, putting to whitelist all the {{.json}} files
# This subclass {{MetricsLoggerService}} is really in the same package.
Existing test classes are also in the same package. Right now I don't feel the
need of having the need for inheriting classes not in the same package. If
there will be one, or the only existing child will be moved to another package,
we can relax the visibility constraint once again
# For the sake of testability it's best [*not to have static
methods*|http://misko.hevery.com/2008/07/30/top-10-things-which-make-your-code-hard-to-test].
At the moment {{PasswordMasker.mask()}} is a leaf method (no collaborators of
other classes are called) so if you really want I can make it {{static}}. But
later when this class won't be leaf anymore the one performing extension will
be responsible to make it non-{{static}} again... Best not to have it in the
first place. For the JVM creating many small short-lived {{Object}} instances
and getting rid of them I also wouldn't feel [*any
headache*|http://programmers.stackexchange.com/questions/149563/should-we-avoid-object-creation-in-java]
was (Author: andras.piros):
Thanks :) My thoughts on that few thingies:
# OK, putting to whitelist all the {{.json}} files
# This subclass {{MetricsLoggerService}} is really in the same package.
Existing test classes are also in the same package. Right now I don't feel the
need of having the need for inheriting classes not in the same package. If
there will be one, or the only existing child will be moved to another package,
we can relax the visibility constraint once again
# For the sake of testability it's best [*not to have static
methods*|http://misko.hevery.com/2008/07/30/top-10-things-which-make-your-code-hard-to-test].
At the moment {{PasswordMasker.mask()}} is a leaf method (no collaborators of
other classes are called) so if you really want I can make it {{static}}. But
later when this class won't be leaf anymore the one performing extension will
be responsible to make it non-{{static}} again... Best not to have it in the
first place. For the JVM creating many small short-lived {{Object}}s and
getting rid of them I also wouldn't feel [*any
headache*|http://programmers.stackexchange.com/questions/149563/should-we-avoid-object-creation-in-java]
> Oozie should mask any passwords in logs and REST interfaces
> -----------------------------------------------------------
>
> Key: OOZIE-1814
> URL: https://issues.apache.org/jira/browse/OOZIE-1814
> Project: Oozie
> Issue Type: Bug
> Affects Versions: trunk
> Reporter: Bowen Zhang
> Assignee: Andras Piros
> Labels: newbie
> Fix For: 4.3.0
>
> Attachments: OOZIE-1814.002.patch, OOZIE-1814.003.patch,
> OOZIE-1814.004.patch, OOZIE-1814.005.patch, oozie-1814.patch
>
>
> Following passwords are currently visible in the instrumentation log, REST
> endpoints, WebUI, and CLI (WebUI and CLI simply call the REST endpoints):
> * {{javax.net.ssl.trustStorePassword}}
> * {{oozie.https.keystore.pass}}
> * {{HADOOP_CREDSTORE_PASSWORD}}
> * {{OOZIE_HTTPS_KEYSTORE_PASSWORD}}
> * {{OOZIE_HTTPS_TRUSTSTORE_PASSWORD}}
> There are a few examples that illustrate password leakage.
> {noformat}
> # grep -i pass /var/log/oozie/oozie-instrumentation.log
> OOZIE_HTTPS_TRUSTSTORE_PASSWORD = password
> javax.net.ssl.trustStorePassword = password
> oozie.https.keystore.pass = password
> HADOOP_CREDSTORE_PASSWORD = password
> OOZIE_HTTPS_KEYSTORE_PASSWORD = password
> CATALINA_OPTS = -Xms603979776 -Xmx603979776
> -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/tmp/OOZIE-1_OOZIE-1-OOZIE_SERVER-2e75cc1293d9058eef7250a18f347c43_pid30867.hprof
> -XX:OnOutOfMemoryError=/usr/lib64/cmf/service/common/killparent.sh
> -Doozie.home.dir=/usr/lib/oozie
> -Doozie.config.dir=/var/run/cloudera-scm-agent/process/320-oozie-OOZIE_SERVER
> -Doozie.log.dir=/var/log/oozie
> -Doozie.log.file=oozie-cmf-OOZIE-1-OOZIE_SERVER-nightly-1.gce.cloudera.com.log.out
> -Doozie.config.file=oozie-site.xml -Doozie.log4j.file=log4j.properties
> -Doozie.log4j.reload=10 -Doozie.http.hostname=nightly-1.gce.cloudera.com
> -Doozie.http.port=11000 -Djava.net.preferIPv4Stack=true
> -Doozie.admin.port=11001 -Dderby.stream.error.file=/var/log/oozie/derby.log
> -Doozie.instance.id=nightly-1.gce.cloudera.com
> -Djava.library.path=/usr/lib/hadoop/lib/native -Doozie.https.port=11443
> -Djavax.net.ssl.trustStore=/etc/cdep-ssl-conf/CA_STANDARD/truststore.jks
> -Djavax.net.ssl.trustStorePassword=password
> {noformat}
> Oozie dumps the env vars and Java sys props to the instrumentation log on
> startup.
> {noformat}
> # curl --negotiate -u foo:bar -k
> https://nightly-1.gce.cloudera.com:11443/oozie/v2/admin/os-env | python -m
> json.tool | grep -i pass
> "CATALINA_OPTS": "-Xms603979776 -Xmx603979776 -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/tmp/OOZIE-1_OOZIE-1-OOZIE_SERVER-2e75cc1293d9058eef7250a18f347c43_pid30867.hprof
> -XX:OnOutOfMemoryError=/usr/lib64/cmf/service/common/killparent.sh
> -Doozie.home.dir=/usr/lib/oozie
> -Doozie.config.dir=/var/run/cloudera-scm-agent/process/320-oozie-OOZIE_SERVER
> -Doozie.log.dir=/var/log/oozie
> -Doozie.log.file=oozie-cmf-OOZIE-1-OOZIE_SERVER-nightly-1.gce.cloudera.com.log.out
> -Doozie.config.file=oozie-site.xml -Doozie.log4j.file=log4j.properties
> -Doozie.log4j.reload=10 -Doozie.http.hostname=nightly-1.gce.cloudera.com
> -Doozie.http.port=11000 -Djava.net.preferIPv4Stack=true
> -Doozie.admin.port=11001 -Dderby.stream.error.file=/var/log/oozie/derby.log
> -Doozie.instance.id=nightly-1.gce.cloudera.com
> -Djava.library.path=/usr/lib/hadoop/lib/native -Doozie.https.port=11443
> -Djavax.net.ssl.trustStore=/etc/cdep-ssl-conf/CA_STANDARD/truststore.jks
> -Djavax.net.ssl.trustStorePassword=password ",
> "HADOOP_CREDSTORE_PASSWORD": "password",
> "OOZIE_HTTPS_KEYSTORE_PASSWORD": "password",
> "OOZIE_HTTPS_TRUSTSTORE_PASSWORD": "password",
> {noformat}
> {noformat}
> # curl --negotiate -u foo:bar -k
> https://nightly-1.gce.cloudera.com:11443/oozie/v2/admin/java-sys-properties |
> python -m json.tool | grep -i pass
> "javax.net.ssl.trustStorePassword": "password",
> "oozie.https.keystore.pass": "password",
> {noformat}
> The REST API has two endpoints, {{admin/os-env}} and
> {{admin/java-sys-properties}}, which are also available in the Web UI and
> CLI. These expose the env vars and Java sys props too.
> We should mask these like we do for the configuration endpoint.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
