[
https://issues.apache.org/jira/browse/FLINK-38815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
dengxaing updated FLINK-38815:
------------------------------
Description:
The debug log contains sensitive information about the data security cookie
certification in the task manager and job manager. It prints the password,
algorithms, and so on.
{code:java}
private static ActorSystem startActorSystem(
        Config config, String actorSystemName, Logger logger) {
    // Renders the entire Config, including the SSL security block, at DEBUG level.
    logger.debug("Using pekko configuration\n {}", config);
    ActorSystem actorSystem = PekkoUtils.createActorSystem(actorSystemName, config);
    logger.info("Actor system started at {}", PekkoUtils.getAddress(actorSystem));
    return actorSystem;
}
{code}
This section prints all the information in the config, because the code
that constructs the config uses the toString method:
{code:java}
private static class ConfigBuilder {
    private final StringWriter stringWriter = new StringWriter();
    private final PrintWriter printWriter = new PrintWriter(stringWriter);

    public ConfigBuilder add(String configLine) {
        printWriter.println(configLine);
        return this;
    }

    public Config build() {
        return ConfigFactory.parseString(stringWriter.toString()).resolve();
    }
}
{code}
The code that builds the config is as follows:
{code:java}
configBuilder
        .add("pekko {")
        .add(" remote.classic {")
        .add(" enabled-transports = [\"pekko.remote.classic.netty.ssl\"]")
        .add(" netty {")
        .add(" ssl = ${pekko.remote.classic.netty.tcp}")
        .add(" ssl {")
        .add(" enable-ssl = " + enableSSL)
        .add(" ssl-engine-provider = " + sslEngineProviderName)
        .add(" security {")
        .add(" key-store = \"" + sslKeyStore + "\"")
        .add(" key-store-password = \"" + sslKeyStorePassword + "\"")
        .add(" key-store-type = \"" + sslKeyStoreType + "\"")
        .add(" key-password = \"" + sslKeyPassword + "\"")
        .add(" trust-store = \"" + sslTrustStore + "\"")
        .add(" trust-store-password = \"" + sslTrustStorePassword + "\"")
        .add(" trust-store-type = \"" + sslTrustStoreType + "\"")
        .add(" protocol = " + sslProtocol + "")
        .add(" enabled-algorithms = " + sslAlgorithms + "")
        .add(" random-number-generator = \"\"")
        .add(" require-mutual-authentication = on")
        .add(" cert-fingerprints = " + sslCertFingerprints + "")
        .add(" }")
        .add(" }")
        .add(" }")
        .add(" }")
        .add("}");
{code}
> The debug log will print the sensitive information of data security cookie
> certification in task manager and jobmanager
> -----------------------------------------------------------------------------------------------------------------------
>
> Key: FLINK-38815
> URL: https://issues.apache.org/jira/browse/FLINK-38815
> Project: Flink
> Issue Type: Bug
> Components: Runtime / RPC
> Affects Versions: 2.0.0, 1.20.0, 2.1.0, 2.2.0, 2.3.0
> Reporter: dengxaing
> Priority: Critical
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
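
One way to keep a debug dump of the configuration without the key-store and trust-store passwords, as an added example (not Flink's code and not the fix adopted for this issue): mask sensitive leaves of the Typesafe Config before rendering it. The class name, the `SENSITIVE` fragment list and the sample values are assumptions made for illustration; it needs `com.typesafe:config` on the classpath.

```java
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import com.typesafe.config.ConfigRenderOptions;
import com.typesafe.config.ConfigValue;
import com.typesafe.config.ConfigValueFactory;

import java.util.Locale;
import java.util.Map;

public class RedactedConfigLogging {
    // Assumption: key-name fragments that mark a value as secret.
    private static final String[] SENSITIVE = {"password", "secret", "token"};
    private static final ConfigValue MASK = ConfigValueFactory.fromAnyRef("******");

    /** True if the last element of the config path looks like a secret. */
    static boolean isSensitive(String path) {
        String leaf = path.substring(path.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        for (String fragment : SENSITIVE) {
            if (leaf.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /** Returns a copy of the config with every sensitive leaf replaced by a mask. */
    static Config redact(Config config) {
        Config result = config; // Config is immutable; withValue returns a new instance
        for (Map.Entry<String, ConfigValue> entry : config.entrySet()) {
            if (isSensitive(entry.getKey())) {
                result = result.withValue(entry.getKey(), MASK);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the security block shown in the report.
        Config config = ConfigFactory.parseString(
                "pekko.remote.classic.netty.ssl.security {\n"
                + "  key-store = \"/constructed/path/keystore.jks\"\n"
                + "  key-store-password = \"constructed-ks-pass\"\n"
                + "  key-password = \"constructed-key-pass\"\n"
                + "  trust-store-password = \"constructed-ts-pass\"\n"
                + "  protocol = TLSv1.2\n"
                + "}").resolve();
        // Log the redacted copy only; the original Config is still what the actor system uses.
        System.out.println(redact(config).root().render(ConfigRenderOptions.concise().setFormatted(true)));
    }
}
```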