Public bug reported:
When creating an image with the swift backend, the swift object URL
(including password) is logged at debug level in the registry log. The
locations field is currently censored, but location_data is not.
Example:
# glance image-create --name test --disk-format raw --container-format bare <
init.sh
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 463dafb5b048669f108dd1bb1545c5b6 |
| container_format | bare |
| created_at | 2016-01-15T17:27:18.000000 |
| deleted | False |
| deleted_at | None |
| disk_format | raw |
| id | c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | test |
| owner | b426c75b76de448481322f4a0bd5dbbe |
| protected | False |
| size | 153 |
| status | active |
| updated_at | 2016-01-15T17:27:19.000000 |
| virtual_size | None |
+------------------+--------------------------------------+
# grep -rn 6TWxXyb5L2qenL4uAZTB /var/log/glance/
/var/log/glance/glance-registry.log:967:2016-01-15 17:27:19.321 18032 DEBUG
glance.registry.api.v1.images [req-5207a920-90c3-4d84-b572-127b56d10fc1
3604171c33684cc9a4c11d5506cc3c34 b426c75b76de448481322f4a0bd5dbbe - - -]
Updating image c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 with metadata: {u'status':
u'active', u'location_data': [{u'url':
u'swift+http://service%3Aglance:[email protected]:5000/v2.0/images/c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010',
u'status': u'active', u'metadata': {}}]} update
/usr/lib/python2.7/site-packages/glance/registry/api/v1/images.py:469
Adding 'location_data' to the filtered fields in
https://github.com/openstack/glance/blob/master/glance/registry/api/v1/images.py#L461
fixed this issue.
Seen on stable/kilo, but the censoring code does not appear to have
changed since.
** Affects: glance
Importance: Undecided
Status: New
** Description changed:
When creating an image with the swift backend, the swift object URL
(including password) is logged at debug level in the registry log. The
locations field is currently censored, but location_data is not.
Example:
# glance image-create --name test --disk-format raw --container-format bare <
init.sh
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 463dafb5b048669f108dd1bb1545c5b6 |
| container_format | bare |
| created_at | 2016-01-15T17:27:18.000000 |
| deleted | False |
| deleted_at | None |
| disk_format | raw |
| id | c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | test |
| owner | b426c75b76de448481322f4a0bd5dbbe |
| protected | False |
| size | 153 |
| status | active |
| updated_at | 2016-01-15T17:27:19.000000 |
| virtual_size | None |
+------------------+--------------------------------------+
# grep -rn 6TWxXyb5L2qenL4uAZTB /var/log/glance/
/var/log/glance/glance-registry.log:967:2016-01-15 17:27:19.321 18032 DEBUG
glance.registry.api.v1.images [req-5207a920-90c3-4d84-b572-127b56d10fc1
3604171c33684cc9a4c11d5506cc3c34 b426c75b76de448481322f4a0bd5dbbe - - -]
Updating image c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 with metadata: {u'status':
u'active', u'location_data': [{u'url':
u'swift+http://service%3Aglance:[email protected]:5000/v2.0/images/c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010',
u'status': u'active', u'metadata': {}}]} update
/usr/lib/python2.7/site-packages/glance/registry/api/v1/images.py:469
Adding 'location_data' to the filtered fields in
https://github.com/openstack/glance/blob/master/glance/registry/api/v1/images.py#L461
fixed this issue.
+
+ Seen on stable/kilo, but the censoring code does not appear to have
+ changed since.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1534763
Title:
Sensitive location_data information exposed in debug message
Status in Glance:
New
Bug description:
When creating an image with the swift backend, the swift object URL
(including password) is logged at debug level in the registry log.
The locations field is currently censored, but location_data is not.
Example:
# glance image-create --name test --disk-format raw --container-format bare <
init.sh
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 463dafb5b048669f108dd1bb1545c5b6 |
| container_format | bare |
| created_at | 2016-01-15T17:27:18.000000 |
| deleted | False |
| deleted_at | None |
| disk_format | raw |
| id | c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 |
| is_public | False |
| min_disk | 0 |
| min_ram | 0 |
| name | test |
| owner | b426c75b76de448481322f4a0bd5dbbe |
| protected | False |
| size | 153 |
| status | active |
| updated_at | 2016-01-15T17:27:19.000000 |
| virtual_size | None |
+------------------+--------------------------------------+
# grep -rn 6TWxXyb5L2qenL4uAZTB /var/log/glance/
/var/log/glance/glance-registry.log:967:2016-01-15 17:27:19.321 18032 DEBUG
glance.registry.api.v1.images [req-5207a920-90c3-4d84-b572-127b56d10fc1
3604171c33684cc9a4c11d5506cc3c34 b426c75b76de448481322f4a0bd5dbbe - - -]
Updating image c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 with metadata: {u'status':
u'active', u'location_data': [{u'url':
u'swift+http://service%3Aglance:[email protected]:5000/v2.0/images/c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010',
u'status': u'active', u'metadata': {}}]} update
/usr/lib/python2.7/site-packages/glance/registry/api/v1/images.py:469
Adding 'location_data' to the filtered fields in
https://github.com/openstack/glance/blob/master/glance/registry/api/v1/images.py#L461
fixed this issue.
Seen on stable/kilo, but the censoring code does not appear to have
changed since.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1534763/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
