Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-5772

Security: after open debug log for qpid, python qpid driver will print all information including sensitive data

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • Python Client

    Description

      For example, logs as below.

      Is it possible to have Qpid to provide options/configurations to NOT print certain credential fieds in the debug logs? It will benefit product security that are adopting QPID as amqp implementation.

      Such as messaging/driver.py writeable, write method
      rawlog.debug("SENT[%s]: %r", self.log_id, sent)
      opslog.debug("RCVD[%s]: %r", self.log_id, op)
      opslog.debug("SENT[%s]: %r", self.log_id, op)
      log.debug("RACK[%s]: %s", sst.session.log_id, msg)
      ...

      2014-05-15 04:07:07.756 19781 DEBUG qpid.messaging [-] SENT[3ae25a8]: Message(ttl=60, properties=

      {'qpid.subject': 'topic/nova/conductor'}

      , content={'oslo.message': '{"_context_roles": ["_member_", "admin"], "_msg_id": "7216c147b92048b38a779e0a37506edf", "_context_quota_class": null, "_context_request_id": "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2", "_context_service_catalog": [{"endpoints_links": [], "endpoints": [

      {"adminURL": "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "region": "RegionOne", "publicURL": "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "internalURL": "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "id": "165be0534de5425daed4ee40da0d2f47"}

      ], "type": "volume", "name": "cinder"}], "args": {"values": {"instance_uuid": "0b39e666-aa4e-4f54-89f8-2bc0f5d86e89", "start_time": "2014-05-15T09:07:07.750051", "event": "compute_terminate_instance", "request_id": "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2"}}, "_unique_id": "e7392f1384134643bba0966088fcdaad", "_context_user": "f36557892ea44962b8b6e9f1897f2605", "_context_user_id": "f36557892ea44962b8b6e9f1897f2605", "_context_project_name": "service", "_context_read_deleted": "no", "_reply_q": "reply_02768c332dd445d79ce253efd75b32b8", "_context_auth_token": "202cdaf88b284afeafbbc77dc10f9058", "_context_tenant": "c33546258c0a4733aa8eb56418df6438", "_context_instance_lock_checked": false, "_context_is_admin": true, "version": "2.0", "_context_project_id": "c33546258c0a4733aa8eb56418df6438", "_context_timestamp": "2014-05-15T09:07:07.482164", "_context_user_name": "admin", "method": "action_event_start", "_context_remote_address": "9.123.137.154"}', 'oslo.version': '2.0'}) send /usr/lib/python2.6/site-packages/qpid/messaging/driver.py:1283

      Attachments

        Activity

          People

            Unassigned Unassigned
            zarric zhu zhu
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: