Merge pull request #11684 from lafirest/fix/sso_redact

fix: redact sensitive data in SSO and LDAP
2023-09-26 15:48:09 +08:00 · 2023-09-26 15:48:09 +08:00 · 28b8252081
parent 1df8326fb8 8135e27586
commit 28b8252081
4 changed files with 28 additions and 13 deletions
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
@ -159,17 +159,23 @@ login(post, #{bindings := #{backend := Backend}, body := Body} = Request) ->
        State ->
            case emqx_dashboard_sso:login(provider(Backend), Request, State) of
                {ok, Role, Token} ->
-                    ?SLOG(info, #{msg => "dashboard_sso_login_successful", request => Request}),
+                    ?SLOG(info, #{
+                        msg => "dashboard_sso_login_successful",
+                        request => emqx_utils:redact(Request)
+                    }),
                    Username = maps:get(<<"username">>, Body),
                    {200, login_meta(Username, Role, Token)};
                {redirect, Redirect} ->
-                    ?SLOG(info, #{msg => "dashboard_sso_login_redirect", request => Request}),
+                    ?SLOG(info, #{
+                        msg => "dashboard_sso_login_redirect",
+                        request => emqx_utils:redact(Request)
+                    }),
                    Redirect;
                {error, Reason} ->
                    ?SLOG(info, #{
                        msg => "dashboard_sso_login_failed",
-                        request => Request,
-                        reason => Reason
+                        request => emqx_utils:redact(Request),
+                        reason => emqx_utils:redact(Reason)
                    }),
                    {401, #{code => ?BAD_USERNAME_OR_PWD, message => <<"Auth failed">>}}
            end
@ -193,10 +199,14 @@ backend(get, #{bindings := #{backend := Type}}) ->
            {200, to_json(Backend)}
    end;
 backend(put, #{bindings := #{backend := Backend}, body := Config}) ->
-    ?SLOG(info, #{msg => "Update SSO backend", backend => Backend, config => Config}),
+    ?SLOG(info, #{
+        msg => "update_sso_backend",
+        backend => Backend,
+        config => emqx_utils:redact(Config)
+    }),
    on_backend_update(Backend, Config, fun emqx_dashboard_sso_manager:update/2);
 backend(delete, #{bindings := #{backend := Backend}}) ->
-    ?SLOG(info, #{msg => "Delete SSO backend", backend => Backend}),
+    ?SLOG(info, #{msg => "delete_sso_backend", backend => Backend}),
    handle_backend_update_result(emqx_dashboard_sso_manager:delete(Backend), undefined).

 sso_parameters(Params) ->
--- a/apps/emqx_ldap/src/emqx_ldap.erl
+++ b/apps/emqx_ldap/src/emqx_ldap.erl
@ -158,7 +158,7 @@ on_start(
        {error, Reason} ->
            ?tp(
                ldap_connector_start_failed,
-                #{error => Reason}
+                #{error => emqx_utils:redact(Reason)}
            ),
            {error, Reason}
    end.
@ -248,7 +248,7 @@ do_ldap_query(
    SearchOptions,
    #{pool_name := PoolName} = State
 ) ->
-    LogMeta = #{connector => InstId, search => SearchOptions, state => State},
+    LogMeta = #{connector => InstId, search => SearchOptions, state => emqx_utils:redact(State)},
    ?TRACE("QUERY", "ldap_connector_received", LogMeta),
    case
        ecpool:pick_and_do(
@ -268,7 +268,10 @@ do_ldap_query(
        {error, Reason} ->
            ?SLOG(
                error,
-                LogMeta#{msg => "ldap_connector_do_query_failed", reason => Reason}
+                LogMeta#{
+                    msg => "ldap_connector_do_query_failed",
+                    reason => emqx_utils:redact(Reason)
+                }
            ),
            {error, {unrecoverable_error, Reason}}
    end.
--- a/apps/emqx_ldap/src/emqx_ldap_authz.erl
+++ b/apps/emqx_ldap/src/emqx_ldap_authz.erl
@ -116,7 +116,7 @@ authorize(
        {error, Reason} ->
            ?SLOG(error, #{
                msg => "query_ldap_error",
-                reason => Reason,
+                reason => emqx_utils:redact(Reason),
                resource_id => ResourceID
            }),
            nomatch
--- a/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
+++ b/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
@ -61,7 +61,7 @@ on_query(
    {bind, Data},
    #{
        base_tokens := DNTks,
-        bind_password_tokens := PWTks,
+        bind_password := PWTks,
        bind_pool_name := PoolName
    } = State
 ) ->
@ -86,7 +86,7 @@ on_query(
        {error, Reason} ->
            ?SLOG(
                error,
-                LogMeta#{msg => "ldap_bind_failed", reason => Reason}
+                LogMeta#{msg => "ldap_bind_failed", reason => emqx_utils:redact(Reason)}
            ),
            {error, {unrecoverable_error, Reason}}
    end.
@ -100,7 +100,9 @@ prepare_template(Config, State) ->
    do_prepare_template(maps:to_list(maps:with([bind_password], Config)), State).

 do_prepare_template([{bind_password, V} | T], State) ->
-    do_prepare_template(T, State#{bind_password_tokens => emqx_placeholder:preproc_tmpl(V)});
+    %% This is sensitive data
+    %% to reduce match cases, here we reuse the existing sensitive filter key: bind_password
+    do_prepare_template(T, State#{bind_password => emqx_placeholder:preproc_tmpl(V)});
 do_prepare_template([], State) ->
    State.