[ZOOKEEPER-3989] GenerateLoad needs to use log for protecting sensitive data - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.11, 3.4.13
Fix Version/s: 3.7.0
Component/s: tests
Labels:
- pull-request-available

Description

n methods of org.apache.zookeeper.test.system.GenerateLoad,

public static void main(String[] args) throws InterruptedException,
KeeperException, NoAvailableContainers, DuplicateNameException,
NoAssignmentException {
......
if (!statusWatcher.waitConnected(5000))

{ System.err.println("Could not connect to " + args[0]); return; }

......
String mode = getMode(parts[i]);
if (mode.equals("leader"))

{ zkHostPort = new StringBuilder(parts[i]); System.out.println("Connecting exclusively to " + zkHostPort.toString()); break outer; }

try

{ String cmdNumber[] = line.split(" "); ...... }

catch (NumberFormatException e)

{ System.out.println("Not a valid number: " + e.getMessage()); }

......
}
}
Sensitive data about args[0], zkHostPort, and cmdNumber are directly printed and may leak.
For security, log should be used to record these data, as well as log in other classes such as org.apache.zookeeper.server.ZooKeeperServer:
LOG = LoggerFactory.getLogger(GenerateLoad.class);
......
LOG.error("Could not connect to " + args[0]);
......
LOG.info("Connecting exclusively to " + zkHostPort.toString());
......
LOG.error("Not a valid number: " + e.getMessage());

Attachments

Issue Links

links to

GitHub Pull Request #1530

Activity

People

Assignee:: Unassigned

Reporter:: xiaoqin.fu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Nov/20 05:20

Updated:: 28/Mar/21 08:54

Resolved:: 23/Nov/20 11:40

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1.5h