cloudstack-commits mailing list archives

From mc...@apache.org
Subject git commit: updated refs/heads/4.3 to 8367a8f
Date Wed, 04 Dec 2013 00:46:12 GMT
Updated Branches:
  refs/heads/4.3 97dc85cae -> 8367a8fae


CLOUDSTACK-5355: addImageStore should not log password in clear text in
the log.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8367a8fa
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8367a8fa
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8367a8fa

Branch: refs/heads/4.3
Commit: 8367a8fae19bb883747a8fecfa3b00d022513104
Parents: 97dc85c
Author: Min Chen <min.chen@citrix.com>
Authored: Tue Dec 3 15:42:38 2013 -0800
Committer: Min Chen <min.chen@citrix.com>
Committed: Tue Dec 3 16:46:02 2013 -0800

----------------------------------------------------------------------
 .../lifecycle/CloudStackImageStoreLifeCycleImpl.java    |  6 ++++--
 utils/src/com/cloud/utils/StringUtils.java              |  4 ++--
 utils/test/com/cloud/utils/StringUtilsTest.java         | 12 ++++++++++--
 3 files changed, 16 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8367a8fa/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
----------------------------------------------------------------------
diff --git a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
index d644878..65a4018 100644
--- a/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
+++ b/plugins/storage/image/default/src/org/apache/cloudstack/storage/datastore/lifecycle/CloudStackImageStoreLifeCycleImpl.java
@@ -26,6 +26,8 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import com.ibm.wsdl.util.StringUtils;
+
 import org.apache.cloudstack.engine.subsystem.api.storage.ClusterScope;
 import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
 import org.apache.cloudstack.engine.subsystem.api.storage.HostScope;
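Review bot: The added import names `com.ibm.wsdl.util.StringUtils`, but the password-scrubbing regex this commit extends lives in `utils/src/com/cloud/utils/StringUtils.java`, i.e. `com.cloud.utils.StringUtils`. With this import the two `StringUtils.cleanString(url)` calls in the next hunk resolve to the WSDL helper class, which presumably does not strip `password`/`accesskey`/`secretkey` parameters, so the store URL could still reach the log and the exception message with the credential in it. The import should be `import com.cloud.utils.StringUtils;`. Checking the management-server log after an addImageStore call with a CIFS URL that carries a password would confirm the fix end to end.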
@@ -84,13 +86,13 @@ public class CloudStackImageStoreLifeCycleImpl implements ImageStoreLifeCycle
{
         DataStoreRole role = (DataStoreRole) dsInfos.get("role");
         Map<String, String> details = (Map<String, String>) dsInfos.get("details");
 
-        s_logger.info("Trying to add a new data store at " + url + " to data center " + dcId);
+        s_logger.info("Trying to add a new data store at " + StringUtils.cleanString(url)
+ " to data center " + dcId);
 
         URI uri = null;
         try {
             uri = new URI(UriUtils.encodeURIComponent(url));
             if (uri.getScheme() == null) {
-                throw new InvalidParameterValueException("uri.scheme is null " + url + ",
add nfs:// (or cifs://) as a prefix");
+                throw new InvalidParameterValueException("uri.scheme is null " + StringUtils.cleanString(url)
+ ", add nfs:// (or cifs://) as a prefix");
             } else if (uri.getScheme().equalsIgnoreCase("nfs")) {
                 if (uri.getHost() == null || uri.getHost().equalsIgnoreCase("") || uri.getPath()
== null
                         || uri.getPath().equalsIgnoreCase("")) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8367a8fa/utils/src/com/cloud/utils/StringUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/StringUtils.java b/utils/src/com/cloud/utils/StringUtils.java
index 948c0ac..7aafff1 100644
--- a/utils/src/com/cloud/utils/StringUtils.java
+++ b/utils/src/com/cloud/utils/StringUtils.java
@@ -157,8 +157,8 @@ public class StringUtils {
         return sb.toString();
     }
 
-    // removes a password request param and it's value
-    private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("&?(password|accesskey|secretkey)=.*?(?=[&'\"])");
+    // removes a password request param and it's value, also considering password is in query
parameter value which has been url encoded
+    private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("(&|%26)?(password|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]))");
 
     // removes a password/accesskey/ property from a response json object
     private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"(password|accesskey|secretkey)\":\".*?\",?");
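Review bot: The lookahead `(?=(%26|[&'\"]))` in the new REGEX_PASSWORD_QUERYSTRING still requires a delimiter after the value, so a credential that is the last parameter in the string is not matched and stays in the output. That matters for the bare store URL passed to `cleanString(url)` in CloudStackImageStoreLifeCycleImpl, where nothing follows the query string. Adding an end-of-input alternative, `(?=(%26|[&'\"]|$))`, would cover it, provided the existing StringUtilsTest cases still pass. The encoded alternatives are also case-sensitive, so a request that uses `%3d` instead of `%3D` would not be scrubbed; `Pattern.CASE_INSENSITIVE` or `%3[Dd]` would handle that.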

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8367a8fa/utils/test/com/cloud/utils/StringUtilsTest.java
----------------------------------------------------------------------
diff --git a/utils/test/com/cloud/utils/StringUtilsTest.java b/utils/test/com/cloud/utils/StringUtilsTest.java
index ae37c24..cc22f9d 100644
--- a/utils/test/com/cloud/utils/StringUtilsTest.java
+++ b/utils/test/com/cloud/utils/StringUtilsTest.java
@@ -16,9 +16,9 @@
 // under the License.
 package com.cloud.utils;
 
-import org.junit.Test;
 import static org.junit.Assert.assertEquals;
-import com.cloud.utils.StringUtils;
+
+import org.junit.Test;
 
 public class StringUtilsTest {
     @Test
@@ -72,6 +72,14 @@ public class StringUtilsTest {
     }
 
     @Test
+    public void testCleanPasswordFromEncodedRequestString() {
+        String input = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26password%3DXXXXX%40123%26domain%3DBLR";
+        String expected = "name=SS1&provider=SMB&zoneid=5a60af2b-3025-4f2a-9ecc-8e33bf2b94e3&url=cifs%3A%2F%2F10.102.192.150%2FSMB-Share%2Fsowmya%2Fsecondary%3Fuser%3Dsowmya%26domain%3DBLR";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }
+
+    @Test
     public void testCleanPasswordFromRequestStringWithMultiplePasswords() {
         String input = "username=foo&password=bar&url=foobar&password=bar2&test=4";
         String expected = "username=foo&url=foobar&test=4";
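Review bot: `assertEquals(result, expected)` in testCleanPasswordFromEncodedRequestString has its arguments reversed; JUnit's order is (expected, actual), so a failure would report the two strings the wrong way round. Use `assertEquals(expected, result);`. The new case also only covers a password that is followed by another encoded parameter (`%26domain%3DBLR`); a second case with the password as the final parameter of the encoded URL would pin the regex's behaviour at the end of the string. The test method after the new one continues outside the hunk.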

