yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1697408] Re: Passwords in user body requests are not being masked before logged for debug

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1697408@xxxxxxxxxxxxxxxxxx>
Date: Tue, 13 Jun 2017 09:23:27 -0000
Reply-to: Bug 1697408 <1697408@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/473393
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f5f8a75963a169a477fd732785150dbb559d176e
Submitter: Jenkins
Branch:    master

commit f5f8a75963a169a477fd732785150dbb559d176e
Author: Roey Chen <roeyc@xxxxxxxxxx>
Date:   Mon Jun 12 05:36:23 2017 -0700

    Mask password when logging request body
    
    Change-Id: I825ab268c140b991e39583cd2c2d557a202b7d97
    Closes-Bug: #1697408


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1697408

Title:
  Passwords in user body requests are not being masked before logged for
  debug

Status in neutron:
  Fix Released

Bug description:
  Neutron logs (debug level) any request it start to process
  (http://git.openstack.org/cgit/openstack/neutron/tree/neutron/api/v2/base.py#n695).

  The issue is when user request contains passwords - password will be viewable in plain text.
  For example, the following API requires password to be passed in the request:

  $ neutron bgp-peer-create --peer-ip 12.12.12.34 --remote-as 65000
  --auth-type md5 --paswword admin123 PEER1

  In the logs:
  Request body: {u'bgp_peer': {u'auth_type': u'md5', u'password': u'admin123', u'remote_as': u'65000', u'name': u'PEER1', u'peer_ip': u'12.12.12.34'}

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1697408/+subscriptions