yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1534763] Re: Sensitive location_data information exposed in debug message

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1534763@xxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Feb 2016 20:56:35 -0000
Reply-to: Bug 1534763 <1534763@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/280778
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=093af94c315dc4105ea060936dce37bd91a6e9a2
Submitter: Jenkins
Branch:    master

commit 093af94c315dc4105ea060936dce37bd91a6e9a2
Author: Cyril Roelandt <cyril@xxxxxxxxxx>
Date:   Tue Feb 16 16:46:25 2016 +0100

    Do not log sensitive data
    
    The content of the "location_data" was leaked in the logs.
    
    Change-Id: I90b1b8b5be1f9ca9ecd9be62e46531d3c50df777
    Closes-Bug: #1534763


** Changed in: glance
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1534763

Title:
  Sensitive location_data information exposed in debug message

Status in Glance:
  Fix Released

Bug description:
  When creating an image with the swift backend, the swift object URL
  (including password) is logged at debug level in the registry log.
  The locations field is currently censored, but location_data is not.

  Example:
  # glance image-create --name test --disk-format raw --container-format bare < init.sh
  +------------------+--------------------------------------+
  | Property         | Value                                |
  +------------------+--------------------------------------+
  | checksum         | 463dafb5b048669f108dd1bb1545c5b6     |
  | container_format | bare                                 |
  | created_at       | 2016-01-15T17:27:18.000000           |
  | deleted          | False                                |
  | deleted_at       | None                                 |
  | disk_format      | raw                                  |
  | id               | c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 |
  | is_public        | False                                |
  | min_disk         | 0                                    |
  | min_ram          | 0                                    |
  | name             | test                                 |
  | owner            | b426c75b76de448481322f4a0bd5dbbe     |
  | protected        | False                                |
  | size             | 153                                  |
  | status           | active                               |
  | updated_at       | 2016-01-15T17:27:19.000000           |
  | virtual_size     | None                                 |
  +------------------+--------------------------------------+
  # grep -rn 6TWxXyb5L2qenL4uAZTB /var/log/glance/
  /var/log/glance/glance-registry.log:967:2016-01-15 17:27:19.321 18032 DEBUG glance.registry.api.v1.images [req-5207a920-90c3-4d84-b572-127b56d10fc1 3604171c33684cc9a4c11d5506cc3c34 b426c75b76de448481322f4a0bd5dbbe - - -] Updating image c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010 with metadata: {u'status': u'active', u'location_data': [{u'url': u'swift+http://service%3Aglance:6TWxXyb5L2qenL4uAZTB@10.142.0.1:5000/v2.0/images/c4d1a9fe-0ee8-4df6-81f4-7dc74a96b010', u'status': u'active', u'metadata': {}}]} update /usr/lib/python2.7/site-packages/glance/registry/api/v1/images.py:469

  Adding 'location_data' to the filtered fields in
  https://github.com/openstack/glance/blob/master/glance/registry/api/v1/images.py#L461
  fixed this issue.

  Seen on stable/kilo, but the censoring code does not appear to have
  changed since.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1534763/+subscriptions

References

[Bug 1534763] [NEW] Sensitive location_data information exposed in debug message
From: Mark Goddard, 2016-01-15