[jira] [Resolved] (ZOOKEEPER-3989) GenerateLoad needs to use log for protecting sensitive data

Mon, 23 Nov 2020 03:41:04 -0800 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Damien Diederen resolved ZOOKEEPER-3989.
----------------------------------------
    Fix Version/s: 3.7.0
       Resolution: Fixed

Issue resolved by pull request 1530
[https://github.com/apache/zookeeper/pull/1530]

> GenerateLoad needs to use log for protecting sensitive data
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-3989
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3989
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: tests
>    Affects Versions: 3.4.11, 3.4.13
>            Reporter: xiaoqin.fu
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.7.0
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> n methods of org.apache.zookeeper.test.system.GenerateLoad,
>       public static void main(String[] args) throws InterruptedException,
>             KeeperException, NoAvailableContainers, DuplicateNameException,
>             NoAssignmentException {  
>                               ......
>                 if (!statusWatcher.waitConnected(5000)) {
>                     System.err.println("Could not connect to " + args[0]);
>                     return;
>                 }                     
>                               ......
>                               String mode = getMode(parts[i]);
>                               if (mode.equals("leader")) {
>                                       zkHostPort = new 
> StringBuilder(parts[i]);
>                                       System.out.println("Connecting 
> exclusively to " + zkHostPort.toString());
>                                       break outer;
>                               }
>                               try {
>                                       String cmdNumber[] = line.split(" ");
>                                       ......
>                               } catch (NumberFormatException e) {
>                                       System.out.println("Not a valid number: 
> "
>                                                       + e.getMessage());
>                               }
>                               ......                          
>             }                                 
>       }                       
> Sensitive data about args[0], zkHostPort, and cmdNumber are directly printed 
> and may leak. 
> For security, log should be used to record these data, as well as log in 
> other classes such as org.apache.zookeeper.server.ZooKeeperServer:
>       LOG = LoggerFactory.getLogger(GenerateLoad.class);
>       ......
>       LOG.error("Could not connect to " + args[0]);
>       ......
>       LOG.info("Connecting exclusively to " + zkHostPort.toString());
>       ......
>       LOG.error("Not a valid number: " + e.getMessage());



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to