Merge pull request #10878 from kjellwinblad/kjell/bridge/rabbitmq_password_log_leak/EMQX-9976
fix: password log leak in RabbitMQ bridge
commit
036f180c27
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_bridge_rabbitmq, [
|
{application, emqx_bridge_rabbitmq, [
|
||||||
{description, "EMQX Enterprise RabbitMQ Bridge"},
|
{description, "EMQX Enterprise RabbitMQ Bridge"},
|
||||||
{vsn, "0.1.1"},
|
{vsn, "0.1.2"},
|
||||||
{registered, []},
|
{registered, []},
|
||||||
{applications, [kernel, stdlib, ecql, rabbit_common, amqp_client]},
|
{applications, [kernel, stdlib, ecql, rabbit_common, amqp_client]},
|
||||||
{env, []},
|
{env, []},
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
|
|
||||||
%% Needed to create RabbitMQ connection
|
%% Needed to create RabbitMQ connection
|
||||||
-include_lib("amqp_client/include/amqp_client.hrl").
|
-include_lib("amqp_client/include/amqp_client.hrl").
|
||||||
|
-include_lib("credentials_obfuscation/include/credentials_obfuscation.hrl").
|
||||||
|
|
||||||
-behaviour(emqx_resource).
|
-behaviour(emqx_resource).
|
||||||
-behaviour(hocon_schema).
|
-behaviour(hocon_schema).
|
||||||
|
@ -230,6 +231,17 @@ on_start(
|
||||||
processed_payload_template => ProcessedTemplate,
|
processed_payload_template => ProcessedTemplate,
|
||||||
config => Config
|
config => Config
|
||||||
},
|
},
|
||||||
|
%% Initialize RabbitMQ's secret library so that the password is encrypted
|
||||||
|
%% in the log files.
|
||||||
|
case credentials_obfuscation:secret() of
|
||||||
|
?PENDING_SECRET ->
|
||||||
|
Bytes = crypto:strong_rand_bytes(128),
|
||||||
|
%% The password can appear in log files if we don't do this
|
||||||
|
credentials_obfuscation:set_secret(Bytes);
|
||||||
|
_ ->
|
||||||
|
%% Already initialized
|
||||||
|
ok
|
||||||
|
end,
|
||||||
case emqx_resource_pool:start(InstanceID, ?MODULE, Options) of
|
case emqx_resource_pool:start(InstanceID, ?MODULE, Options) of
|
||||||
ok ->
|
ok ->
|
||||||
{ok, State};
|
{ok, State};
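Review bot: The `case credentials_obfuscation:secret() of ?PENDING_SECRET -> ...` check in `on_start` is a check-then-set on node-wide state and does not look atomic. If two RabbitMQ bridges start concurrently, both could observe `?PENDING_SECRET` and each call `credentials_obfuscation:set_secret/1` with different random bytes; a password obfuscated under the first secret would then presumably not decrypt under the second. Consider initializing the secret once from a single serialized place rather than from every resource start, or at least document the assumption with a comment such as `%% Node-wide secret: must be set exactly once; concurrent on_start calls must not overwrite it`. Separately, the state map built just above still carries `config => Config`; if that config holds the plaintext password, it is worth confirming it is redacted wherever the resource state is logged. `on_start` begins and ends outside this hunk.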
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
A vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files, has been rectified
|