[CASSANDRA-16817] Fix ERROR message which prints data information in the logs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.0.26, 3.11.12, 4.0.1, 4.1-alpha1, 4.1
Component/s: Feature/Materialized Views
Labels:
None

Bug Category:
Security - Information Leakage
Severity:
Low
Complexity:
Low Hanging Fruit
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

3.0.15
Source Control Link:

https://github.com/apache/cassandra/commit/69b653a01f09874d73bc70e1e7a7670859a4e4a4
Test and Documentation Plan:

Hide

Changing the log message should be enough

Show
Changing the log message should be enough

Description

StorageProxy.mutateMV might log an error message that prints user data in the logs beyond the row key, for example:

ERROR [MutationStage-2] 2021-07-28 13:08:52,609 StorageProxy.java:1002 - Error applying local view update to keyspace k: Mutation(keyspace='k', key='00000001', modifications=[
  [k.mv] key=1 partition_deletion=deletedAt=-9223372036854775808, localDeletion=2147483647 columns=[[] | []]
    Row[info=[ts=1627474132606719] ]: k=0, v=MY CONFIDENTIAL DATA |
])

We should probably change that log message so it doesn't print the entire mutation but only the keyspace, tables and partition key of the mutation.

Attachments

Activity

People

Assignee:: Andres de la Peña

Reporter:: Andres de la Peña

Authors:: Andres de la Peña

Reviewers:: Brandon Williams

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jul/21 12:20

Updated:: 27/May/22 19:25

Resolved:: 29/Jul/21 11:18