Merge pull request #9242 from lafirest/fix/log_sensitive_acl

Use LOG_SENSITIVE to replace the risky LOG in ACL
2022-10-28 13:16:08 +02:00 · 2022-10-28 13:16:08 +02:00 · 86329075cb
parent 8260c55530 eddbf3dc9e
commit 86329075cb
22 changed files with 100 additions and 55 deletions
--- a/apps/emqx_auth_http/src/emqx_auth_http.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http.erl
@ -53,7 +53,7 @@ check(ClientInfo, AuthResult, #{auth  := AuthParms = #{path := Path},
            {stop, AuthResult#{auth_result => http_to_connack_error(Code),
                               anonymous   => false}};
        {error, Error} ->
-            ?LOG(error, "Deny connection from path: ~s, username: ~ts, due to "
+            ?LOG_SENSITIVE(error, "Deny connection from path: ~s, username: ~ts, due to "
                        "request http-server failed: ~0p",
                 [Path, Username, Error]),
            %%FIXME later: server_unavailable is not right.
@ -91,7 +91,7 @@ is_superuser(SuperParams =
    case request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout, Retry) of
        {ok, 200, _Body}   -> true;
        {ok, _Code, _Body} -> false;
-        {error, Error}     -> ?LOG(error, "Request superuser path ~s, error: ~p", [Path, Error]),
+        {error, Error}     -> ?LOG_SENSITIVE(error, "Request superuser path ~s, error: ~p", [Path, Error]),
                              false
    end.
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
@ -1,13 +1,17 @@
 %% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{"4.3.7",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
+  [{"4.3.7",
    [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[3-6]">>,
    [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[0-2]">>,[{restart_application,emqx_auth_jwt}]},
   {<<".*">>,[]}],
-  [{"4.3.7",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
+  [{"4.3.7",
    [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[3-6]">>,
    [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
+++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
@ -27,7 +27,7 @@
 %% APIs
 -export([start_link/1]).
-export([verify/1]).
+-export([verify/1, trace/2]).
 %% gen_server callbacks
 -export([ init/1
@ -143,7 +143,8 @@ request_jwks(Addr) ->
                ?tp(debug, emqx_auth_jwt_svr_jwks_updated, #{jwks => Jwks, pid => self()}),
                Jwks
            catch _:_ ->
-                ?LOG(error, "Invalid jwks server response: ~p~n", [Body]),
+                ?MODULE:trace(jwks_server_reesponse, Body),
                ?LOG(error, "Invalid jwks server response, body is not logged for security reasons, trace it if inspection is required", []),
                error(badarg)
            end
    end.
@ -174,7 +175,7 @@ do_verify(JwsCompacted) ->
        end
    catch
        Class : Reason : Stk ->
-            ?LOG(error, "verify JWK crashed: ~p, ~p, stacktrace: ~p~n",
+            ?LOG_SENSITIVE(error, "verify JWK crashed: ~p, ~p, stacktrace: ~p~n",
                        [Class, Reason, Stk]),
            {error, invalid_signature}
    end.
@ -249,13 +250,15 @@ key2jwt_value(Key, Func, Options) ->
        V ->
            try Func(V) of
                {error, Reason} ->
-                    ?LOG(warning, "Build ~p JWK ~p failed: {error, ~p}~n",
+                    ?LOG_SENSITIVE(warning, "Build ~p JWK ~p failed: {error, ~p}~n",
                         [Key, V, Reason]),
                    undefined;
                J -> J
            catch T:R ->
-                    ?LOG(warning, "Build ~p JWK ~p failed: {~p, ~p}~n",
+                    ?LOG_SENSITIVE(warning, "Build ~p JWK ~p failed: {~p, ~p}~n",
                         [Key, V, T, R]),
                    undefined
            end
    end.
 trace(_Tag, _Data) -> ok.
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_ldap,
 [{description, "EMQ X Authentication/ACL with LDAP"},
-  {vsn, "4.3.5"}, % strict semver, bump manually!
+  {vsn, "4.3.6"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_ldap_sup]},
  {applications, [kernel,stdlib,eldap2,ecpool]},
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
@ -1,11 +1,16 @@
 %% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{<<"4\\.3\\.[3-4]">>,
+  [{"4.3.5",
-    [{load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[3-4]">>,
    [{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
   {"4.3.2",
-    [{load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[0-1]">>,
@ -14,11 +19,16 @@
     {load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
-  [{<<"4\\.3\\.[3-4]">>,
+  [{"4.3.5",
-    [{load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[3-4]">>,
    [{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
   {"4.3.2",
-    [{load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[0-1]">>,
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
@ -62,7 +62,7 @@ check(ClientInfo = #{username := Username, password := Password}, AuthResult,
        {error, not_found} ->
            ok;
        {error, ResultCode} ->
-            ?LOG(error, "[LDAP] Auth from ldap failed: ~p", [ResultCode]),
+            ?LOG_SENSITIVE(error, "[LDAP] Auth from ldap failed: ~p", [ResultCode]),
            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
    end.
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
@ -54,22 +54,22 @@ connect(Opts) ->
                       false ->
                           [{port, Port}, {timeout, Timeout}]
                   end,
-    ?LOG(debug, "[LDAP] Connecting to OpenLDAP server: ~p, Opts:~p ...", [Servers, LdapOpts]),
+    ?LOG_SENSITIVE(debug, "[LDAP] Connecting to OpenLDAP server: ~p, Opts:~p ...", [Servers, LdapOpts]),
    case eldap2:open(Servers, LdapOpts) of
        {ok, LDAP} ->
            try eldap2:simple_bind(LDAP, BindDn, BindPassword) of
                ok -> {ok, LDAP};
                {error, Error} ->
-                    ?LOG(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Error]),
+                    ?LOG_SENSITIVE(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Error]),
                    {error, Error}
            catch
                error:Reason ->
-                    ?LOG(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Reason]),
+                    ?LOG_SENSITIVE(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Reason]),
                    {error, Reason}
            end;
        {error, Reason} ->
-            ?LOG(error, "[LDAP] Can't connect to OpenLDAP server: ~p", [Reason]),
+            ?LOG_SENSITIVE(error, "[LDAP] Can't connect to OpenLDAP server: ~p", [Reason]),
            {error, Reason}
    end.
@ -147,4 +147,3 @@ init_args(ENVS) ->
           match_objectclass => ObjectClass,
           username_attr => UidAttr,
           password_attr => PasswdAttr}}.
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
+++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
@ -55,7 +55,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
        undefined -> ok;
        {error, Reason} ->
            ?tp(emqx_auth_mongo_check_authn_error, #{error => Reason}),
-            ?LOG(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
+            ?LOG_SENSITIVE(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
            {stop, AuthResult#{auth_result => not_authorized, anonymous => false}};
        UserMap ->
            Result = case [maps:get(Field, UserMap, undefined) || Field <- Fields] of
@ -72,7 +72,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
                                       anonymous => false,
                                       auth_result => success}};
                {error, Error} ->
-                    ?LOG(error, "[MongoDB] check auth fail: ~p", [Error]),
+                    ?LOG_SENSITIVE(error, "[MongoDB] check auth fail: ~p", [Error]),
                    {stop, AuthResult#{auth_result => Error, anonymous => false}}
            end
    end.
@ -99,7 +99,7 @@ is_superuser(Pool, #superquery{collection = Coll, field = Field, selector = Sele
              false;
          {error, Reason} ->
              ?tp(emqx_auth_mongo_superuser_query_error, #{error => Reason}),
-              ?LOG(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
+              ?LOG_SENSITIVE(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
              false;
          Row ->
              case maps:get(Field, Row, false) of
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_mysql,
 [{description, "EMQ X Authentication/ACL with MySQL"},
-  {vsn, "4.3.3"}, % strict semver, bump manually!
+  {vsn, "4.3.4"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_mysql_sup]},
  {applications, [kernel,stdlib,mysql,ecpool]},
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src
@ -1,18 +1,28 @@
 %% -*- mode: erlang -*-
 {VSN,
-  [{<<"4\\.3\\.[1-2]">>,
+  [{"4.3.3",
-    [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[1-2]">>,
    [{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
   {"4.3.0",
-    [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
-  [{<<"4\\.3\\.[1-2]">>,
+  [{"4.3.3",
-    [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[1-2]">>,
    [{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
   {"4.3.0",
-    [{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}]
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
@ -41,7 +41,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
                    {ok, _Columns, []} ->
                        {error, not_found};
                    {error, Reason} ->
-                        ?LOG(error, "[MySQL] query '~p' failed: ~p", [AuthSql, Reason]),
+                        ?LOG_SENSITIVE(error, "[MySQL] query '~p' failed: ~p", [AuthSql, Reason]),
                        {error, Reason}
                end,
    case CheckPass of
@ -52,7 +52,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
        {error, not_found} ->
            ok;
        {error, ResultCode} ->
-            ?LOG(error, "[MySQL] Auth from mysql failed: ~p", [ResultCode]),
+            ?LOG_SENSITIVE(error, "[MySQL] Auth from mysql failed: ~p", [ResultCode]),
            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
    end.
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
@ -54,10 +54,10 @@ connect(Options) ->
            ?LOG(error, "[MySQL] Can't connect to MySQL server: Connection refused."),
            {error, Reason};
        {error, Reason = {ErrorCode, _, Error}} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: ~p - ~p", [ErrorCode, Error]),
+            ?LOG_SENSITIVE(error, "[MySQL] Can't connect to MySQL server: ~p - ~p", [ErrorCode, Error]),
            {error, Reason};
        {error, Reason} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: ~p", [Reason]),
+            ?LOG_SENSITIVE(error, "[MySQL] Can't connect to MySQL server: ~p", [Reason]),
            {error, Reason}
    end.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_pgsql,
 [{description, "EMQ X Authentication/ACL with PostgreSQL"},
-  {vsn, "4.3.3"}, % strict semver, bump manually!
+  {vsn, "4.3.4"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_pgsql_sup]},
  {applications, [kernel,stdlib,epgsql,ecpool]},
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src
@ -1,11 +1,17 @@
 %% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{<<"4\\.3\\.[0-2]">>,
+  [{"4.3.3",
    [{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[0-2]">>,
    %% restart it due to epgsql upgraded from 4.4.0 to 4.6.0
    %% in emqx_auth_pgsql:v4.3.3
    [{restart_application,emqx_auth_pgsql}]},
   {<<".*">>,[]}],
-  [{<<"4\\.3\\.[0-2]">>,
+  [{"4.3.3",
    [{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[0-2]">>,
    [{restart_application,emqx_auth_pgsql}]},
   {<<".*">>,[]}]}.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
@ -40,7 +40,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
                    {ok, _, []} ->
                        {error, not_found};
                    {error, Reason} ->
-                        ?LOG(error, "[Postgres] query '~p' failed: ~p", [AuthSql, Reason]),
+                        ?LOG_SENSITIVE(error, "[Postgres] query '~p' failed: ~p", [AuthSql, Reason]),
                        {error, not_found}
                end,
    case CheckPass of
@ -51,7 +51,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
        {error, not_found} ->
            ok;
        {error, ResultCode} ->
-            ?LOG(error, "[Postgres] Auth from pgsql failed: ~p", [ResultCode]),
+            ?LOG_SENSITIVE(error, "[Postgres] Auth from pgsql failed: ~p", [ResultCode]),
            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
    end.
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
@ -82,7 +82,7 @@ connect(Opts) ->
            ?LOG(error, "[Postgres] Can't connect to Postgres server: Invalid password."),
            {error, Reason};
        {error, Reason} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: ~p", [Reason]),
+            ?LOG_SENSITIVE(error, "[Postgres] Can't connect to Postgres server: ~p", [Reason]),
            {error, Reason}
    end.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
@ -1,6 +1,6 @@
 {application, emqx_auth_redis,
 [{description, "EMQ X Authentication/ACL with Redis"},
-  {vsn, "4.3.3"}, % strict semver, bump manually!
+  {vsn, "4.3.4"}, % strict semver, bump manually!
  {modules, []},
  {registered, [emqx_auth_redis_sup]},
  {applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src
@ -1,19 +1,29 @@
 %% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{<<"4\\.3\\.[1-2]">>,
+  [{"4.3.3",
-    [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[1-2]">>,
    [{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
   {"4.3.0",
-    [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
   {<<".*">>,[]}],
-  [{<<"4\\.3\\.[1-2]">>,
+  [{"4.3.3",
-    [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
   {<<"4\\.3\\.[1-2]">>,
    [{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
   {"4.3.0",
-    [{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
     {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
     {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}]
+   {<<".*">>,[]}]}.
 }.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis.erl
@ -42,7 +42,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
                    {ok, [PassHash, Salt|_]} ->
                        check_pass({PassHash, Salt, Password}, HashType);
                    {error, Reason} ->
-                        ?LOG(error, "[Redis] Command: ~p failed: ~p", [AuthCmd, Reason]),
+                        ?LOG_SENSITIVE(error, "[Redis] Command: ~p failed: ~p", [AuthCmd, Reason]),
                        {error, not_found}
                end,
    case CheckPass of
@ -54,7 +54,7 @@ check(ClientInfo = #{password := Password}, AuthResult,
        {error, not_found} ->
            ok;
        {error, ResultCode} ->
-            ?LOG(error, "[Redis] Auth from redis failed: ~p", [ResultCode]),
+            ?LOG_SENSITIVE(error, "[Redis] Auth from redis failed: ~p", [ResultCode]),
            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
    end.
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
@ -56,7 +56,7 @@ connect(Opts) ->
                ?LOG(error, "[Redis] Can't connect to Redis server: Authentication failed."),
                {error, Reason};
            {error, Reason} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: ~p", [Reason]),
+                ?LOG_SENSITIVE(error, "[Redis] Can't connect to Redis server: ~p", [Reason]),
                {error, Reason}
    end.
@ -86,4 +86,3 @@ repl(S, _Var, undefined) ->
 repl(S, Var, Val) ->
    NVal = re:replace(Val, "&", "\\\\&", [global, {return, list}]),
    re:replace(S, Var, NVal, [{return, list}]).
--- a/changes/v4.3.22-en.md
+++ b/changes/v4.3.22-en.md
@ -15,6 +15,8 @@
 - Added a log censor to avoid logging sensitive data [#9189](https://github.com/emqx/emqx/pull/9189).
  If the data to be logged is a map or key-value list which contains sensitive key words such as `password`, the value is obfuscated as `******`.
 - Enhanced log security in ACL modules, sensitive data will be obscured. [#9242](https://github.com/emqx/emqx/pull/9242).
 ## Bug fixes
 - Fix that after uploading a backup file with an UTF8 filename, HTTP API `GET /data/export` fails with status code 500 [#9224](https://github.com/emqx/emqx/pull/9224).
--- a/changes/v4.3.22-zh.md
+++ b/changes/v4.3.22-zh.md
@ -15,6 +15,8 @@
 - 增强包含敏感数据的日志的安全性 [#9189](https://github.com/emqx/emqx/pull/9189)。
  如果日志中包含敏感关键词，例如 `password`，那么关联的数据回被模糊化处理，替换成 `******`。
 - 增强 ACL 模块中的日志安全性，敏感数据将被模糊化。[#9242](https://github.com/emqx/emqx/pull/9242)。
 ## 修复
 - 修复若上传的备份文件名中包含 UTF8 字符，`GET /data/export` HTTP 接口返回 500 错误 [#9224](https://github.com/emqx/emqx/pull/9224)。