yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(node_dump): obfuscate more secrets

This commit is contained in:
Zaiming Shi 2021-05-16 19:22:38 +02:00
parent a7d2f44a5b
commit 5013fb6920
3 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/emqx.app.src
View File

@ -1,7 +1,7 @@
{application, emqx, {application, emqx,
[{id, "emqx"}, [{id, "emqx"},
{description, "EMQ X"}, {description, "EMQ X"},
{vsn, "4.3.1"}, % strict semver, bump manually! {vsn, "4.3.2"}, % strict semver, bump manually!
{modules, []}, {modules, []},
{registered, []}, {registered, []},
{applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon]}, {applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon]},

7
src/emqx.appup.src
View File

@ -1,6 +1,9 @@
%% -*-: erlang -*- %% -*-: erlang -*-
{VSN, {VSN,
[ [
{"4.3.1", [
{load_module, emqx_node_dump, brutal_purge, soft_purge, []}
]},
{"4.3.0", [ {"4.3.0", [
{load_module, emqx_logger_jsonfmt, brutal_purge, soft_purge, []}, {load_module, emqx_logger_jsonfmt, brutal_purge, soft_purge, []},
{load_module, emqx_connection, brutal_purge, soft_purge, []}, {load_module, emqx_connection, brutal_purge, soft_purge, []},
@ -12,6 +15,9 @@
{<<".*">>, []} {<<".*">>, []}
], ],
[ [
{"4.3.1", [
{load_module, emqx_node_dump, brutal_purge, soft_purge, []}
]},
{"4.3.0", [ {"4.3.0", [
{load_module, emqx_logger_jsonfmt, brutal_purge, soft_purge, []}, {load_module, emqx_logger_jsonfmt, brutal_purge, soft_purge, []},
{load_module, emqx_connection, brutal_purge, soft_purge, []}, {load_module, emqx_connection, brutal_purge, soft_purge, []},
@ -21,6 +27,7 @@
%% and 'messages.retained' counter type. %% and 'messages.retained' counter type.
{load_module, emqx_metrics, brutal_purge, soft_purge, []} {load_module, emqx_metrics, brutal_purge, soft_purge, []}
]}, ]},
{<<".*">>, []} {<<".*">>, []}
] ]
}. }.

28
src/emqx_node_dump.erl
View File

@ -45,16 +45,28 @@ censor(Path, M) when is_map(M) ->
maps:map(Fun, M); maps:map(Fun, M);
censor(Path, L = [Fst|_]) when is_tuple(Fst) -> censor(Path, L = [Fst|_]) when is_tuple(Fst) ->
[censor(Path, I) || I <- L]; [censor(Path, I) || I <- L];
censor(Path, Val) -> censor([Key | _], Val) ->
case Path of case is_sensitive(Key) of
[password|_] -> true -> obfuscate_value(Val);
obfuscate_value(Val); false -> Val
[secret|_] ->
obfuscate_value(Val);
_ ->
Val
end. end.
is_sensitive(Key) when is_atom(Key) ->
is_sensitive(atom_to_binary(Key));
is_sensitive(Key) when is_list(Key) ->
try iolist_to_binary(Key) of
Bin ->
is_sensitive(Bin)
catch
_ : _ ->
false
end;
is_sensitive(Key) when is_binary(Key) ->
lists:any(fun(Pattern) -> re:run(Key, Pattern) =/= nomatch end,
["passwd", "password", "secret"]);
is_sensitive(Key) when is_tuple(Key) ->
false.
obfuscate_value(Val) when is_binary(Val) -> obfuscate_value(Val) when is_binary(Val) ->
<<"********">>; <<"********">>;
obfuscate_value(_Val) -> obfuscate_value(_Val) ->