Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-16801

PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Fix Version/s: 4.0.x, 4.x
    • Component/s: Tool/auditlogging
    • Labels:
      None
    • Bug Category:
      Correctness
    • Severity:
      Normal
    • Complexity:
      Normal
    • Discovered By:
      Code Inspection
    • Platform:
      All
    • Impacts:
      None

      Description

      CASSANDRA-16669 introduced support for obfuscating passwords for audit log statements, but there are a few cases where the obfuscation logic can destroy some of the contents of the original/provided string.

      ex. This is perfectly valid...

      WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false
      

      ...but calling obfuscate() on it will produce...

      WITH LOGIN = false AND PASSWORD *******
      

      We should be able to create a reasonable RegEx and use String#replaceAll() to both simplify and correct PasswordObfuscator#obfuscate().

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                maedhroz Caleb Rackliffe
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: