yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1247217] Re: Sanitize passwords when logging payload in wsgi for API Extensions

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 23 Jan 2014 15:28:04 -0000
Reply-to: Bug 1247217 <1247217@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: oslo
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1247217

Title:
  Sanitize passwords when logging payload in wsgi for API Extensions

Status in OpenStack Compute (Nova):
  Fix Released
Status in Oslo - a Library of Common OpenStack Code:
  Fix Released

Bug description:
  The fix for bug 1231263 ( https://bugs.launchpad.net/nova/+bug/1231263
  ) addressed not logging the clear-text password in the nova wsgi.py
  module for the adminPass attribute for the Server Change Password REST
  API, but this only addressed that specific attribute.  Since Nova has
  support for the ability to add REST API Extensions (in the contrib
  directory), there could any number of other password-related
  attributes in the request/response body for those additional
  extensions.

  Although it would not be possible to know all of the various sensitive
  attributes that these API's would pass in the request/response (the
  only way to totally eliminate the exposure would be to not log the
  request/response which is useful for debugging), I would like to
  propose a change similar to the one that was made in keystone (under
  https://bugs.launchpad.net/keystone/+bug/1166697) to mask the password
  in the log statement for any attribute that contains the "password"
  sub-string in it.

  The change would in essence be to update the _SANITIZE_KEYS /
  _SANITIZE_PATTERNS lists in the nova/api/openstack/wsgi.py module to
  include a pattern for the "password" sub-string.

  Also, for a slight performance benefit, it may be useful to put a
  check in to see if debug logging level is enabled around the debug
  statement that does the sanitize call (since the request/response
  bodies could be fairly large and wouldn't want to take the hit to do
  the pattern matches if debug isn't on).

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1247217/+subscriptions