Details
- Bug
- Status: Closed
- Major
- Resolution: Invalid
- 0.11.0, 0.12.0
- None
- None
Description
In org.apache.thrift.transport.TSaslTransport,
    public void open() throws TTransportException {
      .......
      LOGGER.debug("{}: Start message handled", getRole());
      .......
      LOGGER.debug("{}: All done!", getRole());
      .......
      LOGGER.debug("{}: Main negotiation loop complete", getRole());
      .......
      LOGGER.debug("{}: SASL Client receiving last message", getRole());
      .......
    }
Sensitive information about Role is leaked. The LOGGER.isDebugEnabled() conditional statements should be added:
    public void open() throws TTransportException {
      .......
      if (LOGGER.isDebugEnabled())
        LOGGER.debug("{}: Start message handled", getRole());
      .......
      if (LOGGER.isDebugEnabled())
        LOGGER.debug("{}: All done!", getRole());
      .......
      if (LOGGER.isDebugEnabled())
        LOGGER.debug("{}: Main negotiation loop complete", getRole());
      .......
      if (LOGGER.isDebugEnabled())
        LOGGER.debug("{}: SASL Client receiving last message", getRole());
      .......
    }
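An added example, not part of the original report and not Thrift code, comparing the guarded and unguarded call styles from the two snippets above at two logger levels. It assumes `java.util.logging` in place of SLF4J so it runs on a bare JDK (`Level.FINE` stands in for DEBUG, `isLoggable` for `isDebugEnabled`), and `getRole()` here is a hypothetical stand-in that counts how often it is evaluated.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class DebugGuardDemo {
    // Collects formatted messages so the two call styles can be compared.
    static final class Capture extends Handler {
        final List<String> lines = new ArrayList<>();
        @Override public void publish(LogRecord r) {
            if (isLoggable(r)) lines.add(java.text.MessageFormat.format(r.getMessage(), r.getParameters()));
        }
        @Override public void flush() {}
        @Override public void close() {}
    }

    static int roleLookups = 0;
    // Hypothetical stand-in for TSaslTransport.getRole(); counts evaluations.
    static String getRole() { roleLookups++; return "CLIENT"; }

    // Emits one debug-style message at the given logger level, with or without the guard.
    static List<String> run(Level level, boolean guarded) {
        Logger log = Logger.getAnonymousLogger();
        log.setUseParentHandlers(false);   // keep output out of the console handler
        log.setLevel(level);
        Capture cap = new Capture();
        log.addHandler(cap);
        if (guarded) {
            if (log.isLoggable(Level.FINE)) log.log(Level.FINE, "{0}: Start message handled", getRole());
        } else {
            log.log(Level.FINE, "{0}: Start message handled", getRole());
        }
        return cap.lines;
    }

    public static void main(String[] args) {
        for (Level level : new Level[] {Level.INFO, Level.FINE}) {
            roleLookups = 0;
            List<String> plain = run(level, false);
            int plainLookups = roleLookups;
            roleLookups = 0;
            List<String> guarded = run(level, true);
            System.out.printf("level=%s plain=%s guarded=%s same=%b lookups plain=%d guarded=%d%n",
                level, plain, guarded, plain.equals(guarded), plainLookups, roleLookups);
        }
    }
}
```

The captured records are identical for both styles at each level; the guard only skips the `getRole()` call when the level is disabled, so whether the role string reaches a log is decided by the configured logger level.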
Issue Links
- duplicates THRIFT-4928 Sensitive information about expected and actual reading lengths (len, got) is leaked from TIOStreamTransport to TTransport through a TTransportException (Closed)