
Refactor ArgumentRedactor and add tests for ssl-*store-password props


Details

    Description

      Refactor ArgumentRedactor to clean it up and make sure it's efficient.

      Add test coverage for log statements containing:

      -Dgemfire.ssl-truststore-password=<PASSWORD>
      -Dgemfire.ssl-keystore-password=<PASSWORD>
      


      Related to CVE-2021-34797, in which logging is vulnerable to a flaw in log file redaction of sensitive information when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". The issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.

      Fixed in https://github.com/apache/geode/pull/6641.

      Backported to:
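The kind of regression test the description asks for, as an added example that is not Geode's ArgumentRedactor or code from the linked pull request. The class name, both patterns and every sample value are constructed for illustration, and values are assumed to contain no whitespace.

```java
import java.util.regex.Pattern;

// Added illustration only; this is NOT Geode's ArgumentRedactor.
// Class name, both patterns and all sample values are constructed.
public class RedactionSketch {
  static final String MASK = "********";

  // Any option name containing "password", e.g. -Dgemfire.ssl-keystore-password
  static final String KEY = "(?<key>[\\w.-]*password[\\w.-]*)";

  // Weak: only recognises a value whose first character is a letter or digit.
  static final Pattern WEAK =
      Pattern.compile("(?i)" + KEY + "=(?<value>[A-Za-z0-9]\\S*)");

  // Corrected: the value is every non-whitespace character after '='.
  static final Pattern FIXED =
      Pattern.compile("(?i)" + KEY + "=(?<value>\\S+)");

  static String redact(Pattern pattern, String line) {
    // ${key} re-inserts the option name; only the value is masked.
    return pattern.matcher(line).replaceAll("${key}=" + MASK);
  }

  public static void main(String[] args) {
    // {log fragment, secret that must not survive redaction}
    String[][] samples = {
      {"-Dgemfire.ssl-truststore-password=Sample1pw", "Sample1pw"},
      {"-Dgemfire.ssl-keystore-password=#Sample2pw", "#Sample2pw"},
      {"-Dgemfire.ssl-truststore-password=-Sample3pw extra-arg", "-Sample3pw"},
    };
    for (String[] s : samples) {
      String weak = redact(WEAK, s[0]);
      String fixed = redact(FIXED, s[0]);
      System.out.printf("weak : %s%nfixed: %s%n", weak, fixed);
      // Regression check: the corrected pattern must never leak the secret.
      if (fixed.contains(s[1])) {
        throw new AssertionError("secret leaked: " + s[0]);
      }
    }
  }
}
```

With the weak pattern, the second and third samples are printed unchanged because their values start with `#` and `-`; the corrected pattern masks all three.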


          People

            klund Kirk Lund