From 0eea8438bf9c1fa9b6397901b17eb605fd24c134 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 25 Apr 2023 16:56:20 +0800 Subject: [PATCH 1/2] fix(resource): make some logging of the resource manager more secure --- apps/emqx_resource/src/emqx_resource_manager.erl | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/apps/emqx_resource/src/emqx_resource_manager.erl b/apps/emqx_resource/src/emqx_resource_manager.erl index f42d3c1b5..c9417583e 100644 --- a/apps/emqx_resource/src/emqx_resource_manager.erl +++ b/apps/emqx_resource/src/emqx_resource_manager.erl @@ -387,7 +387,7 @@ handle_event(EventType, EventData, State, Data) -> event_type => EventType, event_data => EventData, state => State, - data => Data + data => redact_data(Data) } ), keep_state_and_data. @@ -397,15 +397,15 @@ log_state_consistency(State, #data{status = State} = Data) -> log_state_consistency(State, Data) -> ?tp(warning, "inconsistent_state", #{ state => State, - data => Data + data => redact_data(Data) }). log_cache_consistency(Data, Data) -> ok; log_cache_consistency(DataCached, Data) -> ?tp(warning, "inconsistent_cache", #{ - cache => DataCached, - data => Data + cache => redact_data(DataCached), + data => redact_data(Data) }). %%------------------------------------------------------------------------------ @@ -661,3 +661,9 @@ safe_call(ResId, Message, Timeout) -> exit:{timeout, _} -> {error, timeout} end. + +%% the config and state of a bridge often contains some sensitive data +%% we shouldn't expose them to logs +redact_data(Data) -> + Msg = <<"this data is redacted due to security reasons">>, + Data#data{config = Msg, state = Msg}. From baeb96a6e48c24a2275a80b158f43e8d5a3d2cdb Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 25 Apr 2023 17:23:54 +0800 Subject: [PATCH 2/2] chore: update changes --- apps/emqx_resource/src/emqx_resource_manager.erl | 14 ++++---------- changes/ce/perf-10511.en.md | 1 + 2 files changed, 5 insertions(+), 10 deletions(-) create mode 100644 changes/ce/perf-10511.en.md diff --git a/apps/emqx_resource/src/emqx_resource_manager.erl b/apps/emqx_resource/src/emqx_resource_manager.erl index c9417583e..cd858bda3 100644 --- a/apps/emqx_resource/src/emqx_resource_manager.erl +++ b/apps/emqx_resource/src/emqx_resource_manager.erl @@ -387,7 +387,7 @@ handle_event(EventType, EventData, State, Data) -> event_type => EventType, event_data => EventData, state => State, - data => redact_data(Data) + data => emqx_utils:redact(Data) } ), keep_state_and_data. @@ -397,15 +397,15 @@ log_state_consistency(State, #data{status = State} = Data) -> log_state_consistency(State, Data) -> ?tp(warning, "inconsistent_state", #{ state => State, - data => redact_data(Data) + data => emqx_utils:redact(Data) }). log_cache_consistency(Data, Data) -> ok; log_cache_consistency(DataCached, Data) -> ?tp(warning, "inconsistent_cache", #{ - cache => redact_data(DataCached), - data => redact_data(Data) + cache => emqx_utils:redact(DataCached), + data => emqx_utils:redact(Data) }). %%------------------------------------------------------------------------------ @@ -661,9 +661,3 @@ safe_call(ResId, Message, Timeout) -> exit:{timeout, _} -> {error, timeout} end. - -%% the config and state of a bridge often contains some sensitive data -%% we shouldn't expose them to logs -redact_data(Data) -> - Msg = <<"this data is redacted due to security reasons">>, - Data#data{config = Msg, state = Msg}. diff --git a/changes/ce/perf-10511.en.md b/changes/ce/perf-10511.en.md new file mode 100644 index 000000000..953ecf693 --- /dev/null +++ b/changes/ce/perf-10511.en.md @@ -0,0 +1 @@ +Improve the security and privacy of some resource logs by masking sensitive information in the data.