Reviewed:  https://review.openstack.org/280778
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=093af94c315dc4105ea060936dce37bd91a6e9a2
Submitter: Jenkins
Branch:    master

commit 093af94c315dc4105ea060936dce37bd91a6e9a2
Author: Cyril Roelandt <[email protected]>
Date:   Tue Feb 16 16:46:25 2016 +0100

    Do not log sensitive data

    The content of the "location_data" was leaked in the logs.

    Change-Id: I90b1b8b5be1f9ca9ecd9be62e46531d3c50df777
    Closes-Bug: #1534763

** Changed in: glance
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1534763

Title:
  Sensitive location_data information exposed in debug message

Status in Glance:
  Fix Released

Bug description:
  When creating an image with the swift backend, the swift object URL
  (including password) is logged at debug level in the registry log. The
  locations field is currently censored, but location_data is not.

  Example:

  # glance image-create --name test --disk-format raw --container-format bare < init.sh
  +------------------+--------------------------------------+
  | Property         | Value                                |
  +------------------+--------------------------------------+
  | checksum         | 463dafb5b048669f108dd1bb1545c5b6     |
  | container_format | bare                                 |
  | created_at       | 2016-01-15T17:27:18.000000           |
  | deleted          | False                                |
  | deleted_at       | None                                 |
  | disk_format      | raw                                  |
  | id               | c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 |
  | is_public        | False                                |
  | min_disk         | 0                                    |
  | min_ram          | 0                                    |
  | name             | test                                 |
  | owner            | b426c75b76de448481322f4a0bd5dbbe     |
  | protected        | False                                |
  | size             | 153                                  |
  | status           | active                               |
  | updated_at       | 2016-01-15T17:27:19.000000           |
  | virtual_size     | None                                 |
  +------------------+--------------------------------------+

  # grep -rn 6TWxXyb5L2qenL4uAZTB /var/log/glance/
  /var/log/glance/glance-registry.log:967:2016-01-15 17:27:19.321 18032 DEBUG glance.registry.api.v1.images [req-5207a920-90c3-4d84-b572-127b56d10fc1 3604171c33684cc9a4c11d5506cc3c34 b426c75b76de448481322f4a0bd5dbbe - - -] Updating image c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 with metadata: {u'status': u'active', u'location_data': [{u'url': u'swift+http://service%3Aglance:[email protected]:5000/v2.0/images/c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010', u'status': u'active', u'metadata': {}}]} update /usr/lib/python2.7/site-packages/glance/registry/api/v1/images.py:469

  Adding 'location_data' to the filtered fields in
  https://github.com/openstack/glance/blob/master/glance/registry/api/v1/images.py#L461
  fixed this issue.

  Seen on stable/kilo, but the censoring code does not appear to have
  changed since.
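
The filtering described in the bug report, as an added example that is not Glance's code or part of the original message: it logs the same debug message with only 'locations' filtered and then with 'location_data' filtered as well. It goes one step beyond the fix on the page by also masking the password of any URL that still reaches the logger; the helper names, logger name, host and password below are assumptions constructed for the example.

```python
import io
import logging
from urllib.parse import urlsplit, urlunsplit

# Field names are from the bug report; every helper name here is hypothetical.
FILTERED_BEFORE = ("locations",)
FILTERED_AFTER = ("locations", "location_data")

def loggable(image_data, filtered):
    """Copy the metadata without the fields that must never reach a log."""
    return {k: v for k, v in image_data.items() if k not in filtered}

def scrub_url(text):
    """Mask the password in a URL's userinfo; other strings pass through."""
    try:
        parts = urlsplit(text)
        if parts.password is None:
            return text
    except ValueError:  # not parseable as a URL
        return text
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.partition(":")[0]
    return urlunsplit(parts._replace(netloc="%s:***@%s" % (user, hostport)))

def scrub(value):
    """Second layer: walk nested dicts and lists, masking URL passwords."""
    if isinstance(value, dict):
        return {k: scrub(v) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return scrub_url(value) if isinstance(value, str) else value

def debug_line(image_id, image_data, filtered, second_layer=False):
    """Log the 'Updating image' debug message and return the emitted text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    log = logging.getLogger("example.registry")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    data = loggable(image_data, filtered)
    log.debug("Updating image %s with metadata: %r", image_id,
              scrub(data) if second_layer else data)
    log.removeHandler(handler)
    return buf.getvalue()

# Constructed sample: host and password are placeholders, not from the report.
SAMPLE = {"status": "active", "location_data": [{"status": "active", "metadata": {},
    "url": "swift+http://service%3Aglance:EXAMPLE-PASSWORD@192.0.2.10:5000/v2.0/images/img-1"}]}
```

A regression test for this class of bug can assert, as here, that a known secret never appears in the captured log text.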

