tinkerpop-commits mailing list archives

From spmalle...@apache.org
Subject [tinkerpop] 01/01: Mask security secret or password
Date Wed, 09 Jan 2019 18:35:56 GMT
This is an automated email from the ASF dual-hosted git repository.

spmallette pushed a commit to branch TINKERPOP-2129
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git

commit 02a7af34e2bf881650978adfa25836655f31a6ba
Author: Alex Liu <alex_liu68@yahoo.com>
AuthorDate: Wed Jan 9 09:22:08 2019 -0500

    Mask security secret or password
---
 CHANGELOG.asciidoc                                  |  2 +-
 .../io/gryo/kryoshim/KryoShimServiceLoader.java     | 21 ++++++++++++++++++---
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 7f41374..cac81b1 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -23,7 +23,7 @@ image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
 [[release-3-3-6]]
 === TinkerPop 3.3.6 (Release Date: NOT OFFICIALLY RELEASED YET)
 
-
+* Masked sensitive configuration options in the logs of `KryoShimServiceLoader`.
 
 [[release-3-3-5]]
 === TinkerPop 3.3.5 (Release Date: January 2, 2019)
diff --git a/gremlin-core/src/main/java/org/apache/tinkerpop/gremlin/structure/io/gryo/kryoshim/KryoShimServiceLoader.java
b/gremlin-core/src/main/java/org/apache/tinkerpop/gremlin/structure/io/gryo/kryoshim/KryoShimServiceLoader.java
index 70be7ad..97e6d16 100644
--- a/gremlin-core/src/main/java/org/apache/tinkerpop/gremlin/structure/io/gryo/kryoshim/KryoShimServiceLoader.java
+++ b/gremlin-core/src/main/java/org/apache/tinkerpop/gremlin/structure/io/gryo/kryoshim/KryoShimServiceLoader.java
@@ -18,6 +18,7 @@
  */
 package org.apache.tinkerpop.gremlin.structure.io.gryo.kryoshim;
 
+import org.apache.commons.configuration.BaseConfiguration;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationUtils;
 import org.apache.tinkerpop.gremlin.util.SystemUtil;
@@ -27,8 +28,8 @@ import org.slf4j.LoggerFactory;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.Comparator;
+import java.util.Iterator;
 import java.util.ServiceLoader;
 
 /**
@@ -38,6 +39,7 @@ public class KryoShimServiceLoader {
 
     private static volatile KryoShimService cachedShimService;
     private static volatile Configuration configuration;
+    private static final String maskedProperties = ".+\\.(password|keyStorePassword|trustStorePassword)|spark.authenticate.secret";
 
     private static final Logger log = LoggerFactory.getLogger(KryoShimServiceLoader.class);
 
@@ -109,7 +111,7 @@ public class KryoShimServiceLoader {
                 }
             }
         } else {
-            Collections.sort(services, KryoShimServiceComparator.INSTANCE);
+            services.sort(KryoShimServiceComparator.INSTANCE);
             for (final KryoShimService kss : services) {
                 log.debug("Found KryoShimService: {} (priority {})", kss.getClass().getCanonicalName(),
kss.getPriority());
             }
@@ -127,11 +129,24 @@ public class KryoShimServiceLoader {
         // once the shim service is defined, configure it
         log.info("Configuring KryoShimService {} with the following configuration:\n#######START########\n{}\n########END#########",
                 cachedShimService.getClass().getCanonicalName(),
-                ConfigurationUtils.toString(configuration));
+                ConfigurationUtils.toString(maskedConfiguration(configuration)));
         cachedShimService.applyConfiguration(configuration);
         return cachedShimService;
     }
 
+    private static Configuration maskedConfiguration(final Configuration configuration) {
+        final Configuration maskedConfiguration = new BaseConfiguration();
+        final Iterator keys = configuration.getKeys();
+        while(keys.hasNext()) {
+            final String key = (String)keys.next();
+            if (key.matches(maskedProperties))
+                maskedConfiguration.setProperty(key, "******");
+            else
+                maskedConfiguration.setProperty(key, configuration.getProperty(key));
+        }
+        return maskedConfiguration;
+    }
+
     /**
      * A loose abstraction of {@link org.apache.tinkerpop.shaded.kryo.Kryo#writeClassAndObject},
      * where the {@code output} parameter is an internally-created {@link ByteArrayOutputStream}.
 Returns
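Review bot: The `key.matches(maskedProperties)` test in `maskedConfiguration` is a case-sensitive whole-key match against the pattern declared in the earlier hunk. A key that is exactly `password` (the pattern's `.+\\.` requires a dotted prefix) or that differs in case falls into the `else` branch, so its value is still written to the info log. The dots in `spark.authenticate.secret` are also unescaped, and `String.matches` recompiles the regex for every key. I would precompile once and loosen the match: `private static final Pattern MASKED_PROPERTIES = Pattern.compile("(.+\\.)?(password|keyStorePassword|trustStorePassword)|spark\\.authenticate\\.secret", Pattern.CASE_INSENSITIVE);` with `if (MASKED_PROPERTIES.matcher(key).matches())`, which needs `java.util.regex.Pattern` imported. This remains a denylist of known names, so a comment on the constant saying that new secret-bearing keys must be added there would help the next maintainer.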

