CLOUDSTACK-5942: The agent at places logs the password of the user. It should mask the

devdeep · devdeep · commit aab881be2107 · 2014-01-24T15:04:00.000+05:30
password from the message string before writing to the log. Made a change to do so.
diff --git a/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/CloudStackTypes.cs b/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/CloudStackTypes.cs
@@ -254,7 +254,7 @@ public static VolumeObjectTO ParseJson(dynamic json)
                 // Assert
                 if (result.dataStore == null || (result.primaryDataStore == null && result.nfsDataStore == null))
                 {
-                    String errMsg = "VolumeObjectTO missing dataStore in spec " + volumeObjectTOJson.ToString();
+                    String errMsg = "VolumeObjectTO missing dataStore in spec " + Utils.CleanString(volumeObjectTOJson.ToString());
                     logger.Error(errMsg);
                     throw new ArgumentNullException(errMsg);
                 }
@@ -292,7 +292,7 @@ private static void GuessFileExtension(VolumeObjectTO volInfo)
                 }
                 else
                 {
-                    String errMsg = "VolumeObjectTO missing dataStore in spec " + volInfo.ToString();
+                    String errMsg = "VolumeObjectTO missing dataStore in spec " + Utils.CleanString(volInfo.ToString());
                     logger.Error(errMsg);
                     throw new ArgumentNullException(errMsg);
                 }
diff --git a/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/HypervResourceController.cs b/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/HypervResourceController.cs
@@ -207,7 +207,7 @@ public JContainer AttachCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.AttachCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.AttachCommand + Utils.CleanString(cmd.ToString()));
 
                 string details = null;
                 bool result = false;
@@ -268,7 +268,7 @@ public JContainer DetachCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.DettachCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.DettachCommand + Utils.CleanString(cmd.ToString()));
 
                 string details = null;
                 bool result = false;
@@ -485,7 +485,7 @@ private static JArray ReturnCloudStackTypedJArray(object ansContent, string ansT
         {
             JObject ansObj = Utils.CreateCloudStackObject(ansType, ansContent);
             JArray answer = new JArray(ansObj);
-            logger.Info(ansObj.ToString());
+            logger.Info(Utils.CleanString(ansObj.ToString()));
             return answer;
         }
 
@@ -496,7 +496,7 @@ public JContainer CreateCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.CreateCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CreateCommand + Utils.CleanString(cmd.ToString()));
 
                 string details = null;
                 bool result = false;
@@ -603,7 +603,7 @@ public JContainer PrimaryStorageDownloadCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.PrimaryStorageDownloadCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.PrimaryStorageDownloadCommand + Utils.CleanString(cmd.ToString()));
                 string details = null;
                 bool result = false;
                 long size = 0;
@@ -871,7 +871,7 @@ public JContainer CreateStoragePoolCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.CreateStoragePoolCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CreateStoragePoolCommand + Utils.CleanString(cmd.ToString()));
                 object ansContent = new
                 {
                     result = true,
@@ -889,7 +889,7 @@ public JContainer ModifyStoragePoolCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.ModifyStoragePoolCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.ModifyStoragePoolCommand + Utils.CleanString(cmd.ToString()));
                 string details = null;
                 string localPath;
                 StoragePoolType poolType;
@@ -1045,7 +1045,7 @@ public JContainer StartCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.StartCommand + cmd.ToString()); // TODO: Security hole? VM data printed to log
+                logger.Info(CloudStackTypes.StartCommand + Utils.CleanString(cmd.ToString()));
                 string details = null;
                 bool result = false;
 
@@ -1144,7 +1144,7 @@ public JContainer CreateObjectCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.CreateObjectCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CreateObjectCommand + Utils.CleanString(cmd.ToString()));
 
                 bool result = false;
                 string details = null;
@@ -1315,7 +1315,7 @@ public JContainer CopyCommand(dynamic cmd)
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
                 // Log command *after* we've removed security details from the command.
-                logger.Info(CloudStackTypes.CopyCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CopyCommand + Utils.CleanString(cmd.ToString()));
 
                 bool result = false;
                 string details = null;
@@ -1691,7 +1691,7 @@ public JContainer GetStorageStatsCommand([FromBody]dynamic cmd)
         {
             using (log4net.NDC.Push(Guid.NewGuid().ToString()))
             {
-                logger.Info(CloudStackTypes.GetStorageStatsCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.GetStorageStatsCommand + Utils.CleanString(cmd.ToString()));
                 bool result = false;
                 string details = null;
                 long capacity = 0;
diff --git a/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/Utils.cs b/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/Utils.cs
@@ -164,6 +164,16 @@ public static void GetShareDetails(string remoteUNC, out long capacity, out long
             capacity = totalNumberOfBytes > 0 ? (long)totalNumberOfBytes : 0;
         }
 
+        public static string CleanString(string stringToClean)
+        {
+            string cleanString = null;
+            string regexQueryString = "(&|%26)?(password|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]))";
+            string regexJson = "\"(password|accesskey|secretkey)\":\".*?\",?";
+            cleanString = System.Text.RegularExpressions.Regex.Replace(stringToClean, regexQueryString, "");
+            cleanString = System.Text.RegularExpressions.Regex.Replace(cleanString, regexJson, "");
+            return cleanString;
+        }
+
         // from http://stackoverflow.com/a/2541569/939250
         #region imports
         [DllImport("advapi32.dll", SetLastError = true)]

Original file line number	Diff line number	Diff line change
`@@ -254,7 +254,7 @@ public static VolumeObjectTO ParseJson(dynamic json)`
`254`	`254`	`// Assert`
`255`	`255`	`if (result.dataStore == null \|\| (result.primaryDataStore == null && result.nfsDataStore == null))`
`256`	`256`	`{`
`257`		`- String errMsg = "VolumeObjectTO missing dataStore in spec " + volumeObjectTOJson.ToString();`
	`257`	`+ String errMsg = "VolumeObjectTO missing dataStore in spec " + Utils.CleanString(volumeObjectTOJson.ToString());`
`258`	`258`	`logger.Error(errMsg);`
`259`	`259`	`throw new ArgumentNullException(errMsg);`
`260`	`260`	`}`
`@@ -292,7 +292,7 @@ private static void GuessFileExtension(VolumeObjectTO volInfo)`
`292`	`292`	`}`
`293`	`293`	`else`
`294`	`294`	`{`
`295`		`- String errMsg = "VolumeObjectTO missing dataStore in spec " + volInfo.ToString();`
	`295`	`+ String errMsg = "VolumeObjectTO missing dataStore in spec " + Utils.CleanString(volInfo.ToString());`
`296`	`296`	`logger.Error(errMsg);`
`297`	`297`	`throw new ArgumentNullException(errMsg);`
`298`	`298`	`}`
Original file line number	Diff line number	Diff line change
`@@ -207,7 +207,7 @@ public JContainer AttachCommand([FromBody]dynamic cmd)`
`207`	`207`	`{`
`208`	`208`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`209`	`209`	`{`
`210`		`- logger.Info(CloudStackTypes.AttachCommand + cmd.ToString());`
	`210`	`+ logger.Info(CloudStackTypes.AttachCommand + Utils.CleanString(cmd.ToString()));`
`211`	`211`
`212`	`212`	`string details = null;`
`213`	`213`	`bool result = false;`
`@@ -268,7 +268,7 @@ public JContainer DetachCommand([FromBody]dynamic cmd)`
`268`	`268`	`{`
`269`	`269`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`270`	`270`	`{`
`271`		`- logger.Info(CloudStackTypes.DettachCommand + cmd.ToString());`
	`271`	`+ logger.Info(CloudStackTypes.DettachCommand + Utils.CleanString(cmd.ToString()));`
`272`	`272`
`273`	`273`	`string details = null;`
`274`	`274`	`bool result = false;`
`@@ -485,7 +485,7 @@ private static JArray ReturnCloudStackTypedJArray(object ansContent, string ansT`
`485`	`485`	`{`
`486`	`486`	`JObject ansObj = Utils.CreateCloudStackObject(ansType, ansContent);`
`487`	`487`	`JArray answer = new JArray(ansObj);`
`488`		`- logger.Info(ansObj.ToString());`
	`488`	`+ logger.Info(Utils.CleanString(ansObj.ToString()));`
`489`	`489`	`return answer;`
`490`	`490`	`}`
`491`	`491`
`@@ -496,7 +496,7 @@ public JContainer CreateCommand([FromBody]dynamic cmd)`
`496`	`496`	`{`
`497`	`497`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`498`	`498`	`{`
`499`		`- logger.Info(CloudStackTypes.CreateCommand + cmd.ToString());`
	`499`	`+ logger.Info(CloudStackTypes.CreateCommand + Utils.CleanString(cmd.ToString()));`
`500`	`500`
`501`	`501`	`string details = null;`
`502`	`502`	`bool result = false;`
`@@ -603,7 +603,7 @@ public JContainer PrimaryStorageDownloadCommand([FromBody]dynamic cmd)`
`603`	`603`	`{`
`604`	`604`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`605`	`605`	`{`
`606`		`- logger.Info(CloudStackTypes.PrimaryStorageDownloadCommand + cmd.ToString());`
	`606`	`+ logger.Info(CloudStackTypes.PrimaryStorageDownloadCommand + Utils.CleanString(cmd.ToString()));`
`607`	`607`	`string details = null;`
`608`	`608`	`bool result = false;`
`609`	`609`	`long size = 0;`
`@@ -871,7 +871,7 @@ public JContainer CreateStoragePoolCommand([FromBody]dynamic cmd)`
`871`	`871`	`{`
`872`	`872`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`873`	`873`	`{`
`874`		`- logger.Info(CloudStackTypes.CreateStoragePoolCommand + cmd.ToString());`
	`874`	`+ logger.Info(CloudStackTypes.CreateStoragePoolCommand + Utils.CleanString(cmd.ToString()));`
`875`	`875`	`object ansContent = new`
`876`	`876`	`{`
`877`	`877`	`result = true,`
`@@ -889,7 +889,7 @@ public JContainer ModifyStoragePoolCommand([FromBody]dynamic cmd)`
`889`	`889`	`{`
`890`	`890`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`891`	`891`	`{`
`892`		`- logger.Info(CloudStackTypes.ModifyStoragePoolCommand + cmd.ToString());`
	`892`	`+ logger.Info(CloudStackTypes.ModifyStoragePoolCommand + Utils.CleanString(cmd.ToString()));`
`893`	`893`	`string details = null;`
`894`	`894`	`string localPath;`
`895`	`895`	`StoragePoolType poolType;`
`@@ -1045,7 +1045,7 @@ public JContainer StartCommand([FromBody]dynamic cmd)`
`1045`	`1045`	`{`
`1046`	`1046`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`1047`	`1047`	`{`
`1048`		`- logger.Info(CloudStackTypes.StartCommand + cmd.ToString()); // TODO: Security hole? VM data printed to log`
	`1048`	`+ logger.Info(CloudStackTypes.StartCommand + Utils.CleanString(cmd.ToString()));`
`1049`	`1049`	`string details = null;`
`1050`	`1050`	`bool result = false;`
`1051`	`1051`
`@@ -1144,7 +1144,7 @@ public JContainer CreateObjectCommand([FromBody]dynamic cmd)`
`1144`	`1144`	`{`
`1145`	`1145`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`1146`	`1146`	`{`
`1147`		`- logger.Info(CloudStackTypes.CreateObjectCommand + cmd.ToString());`
	`1147`	`+ logger.Info(CloudStackTypes.CreateObjectCommand + Utils.CleanString(cmd.ToString()));`
`1148`	`1148`
`1149`	`1149`	`bool result = false;`
`1150`	`1150`	`string details = null;`
`@@ -1315,7 +1315,7 @@ public JContainer CopyCommand(dynamic cmd)`
`1315`	`1315`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`1316`	`1316`	`{`
`1317`	`1317`	`// Log command after we've removed security details from the command.`
`1318`		`- logger.Info(CloudStackTypes.CopyCommand + cmd.ToString());`
	`1318`	`+ logger.Info(CloudStackTypes.CopyCommand + Utils.CleanString(cmd.ToString()));`
`1319`	`1319`
`1320`	`1320`	`bool result = false;`
`1321`	`1321`	`string details = null;`
`@@ -1691,7 +1691,7 @@ public JContainer GetStorageStatsCommand([FromBody]dynamic cmd)`
`1691`	`1691`	`{`
`1692`	`1692`	`using (log4net.NDC.Push(Guid.NewGuid().ToString()))`
`1693`	`1693`	`{`
`1694`		`- logger.Info(CloudStackTypes.GetStorageStatsCommand + cmd.ToString());`
	`1694`	`+ logger.Info(CloudStackTypes.GetStorageStatsCommand + Utils.CleanString(cmd.ToString()));`
`1695`	`1695`	`bool result = false;`
`1696`	`1696`	`string details = null;`
`1697`	`1697`	`long capacity = 0;`