From cc03bc788161627c1e2f964b6f9297af8dd57f6f Mon Sep 17 00:00:00 2001
From: firest
Date: Tue, 22 Nov 2022 16:55:47 +0800
Subject: [PATCH 1/2] fix: hide sensitive data in some logs
---
 apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl | 2 +-
 apps/emqx_coap/src/emqx_coap_resource.erl | 12 ++++++++++--
 apps/emqx_exproto/src/emqx_exproto_gsvr.erl | 2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
index c10efd655..29a0e5d33 100644
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@@ -120,7 +120,7 @@ call(Pid, Msg, _) ->
 init({ClientId, Username, Password, Channel}) ->
 ?LOG(debug, "try to start adapter ClientId=~p, Username=~p, Password=~p, "
- "Channel=~0p", [ClientId, Username, Password, Channel]),
+ "Channel=~0p", [ClientId, Username, "******", Channel]),
 State0 = #state{peername = Channel,
 clientid = ClientId,
 username = Username,
diff --git a/apps/emqx_coap/src/emqx_coap_resource.erl b/apps/emqx_coap/src/emqx_coap_resource.erl
index daa536540..2db10dc31 100644
--- a/apps/emqx_coap/src/emqx_coap_resource.erl
+++ b/apps/emqx_coap/src/emqx_coap_resource.erl
@@ -48,7 +48,7 @@ coap_discover(_Prefix, _Args) ->
 [{absolute, [<<"mqtt">>], []}].
 coap_get(ChId, ?MQTT_PREFIX, Path, Query, _Content) ->
- ?LOG(debug, "coap_get() Path=~p, Query=~p~n", [Path, Query]),
+ ?LOG(debug, "coap_get() Path=~p, Query=~p~n", [Path, redact_query(Query)]),
 #coap_mqtt_auth{clientid = Clientid, username = Usr, password = Passwd} = get_auth(Query),
 case emqx_coap_mqtt_adapter:client_pid(Clientid, Usr, Passwd, ChId) of
 {ok, Pid} ->
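Review bot: In `init/1` of emqx_coap_mqtt_adapter.erl the format string keeps `Password=~p` and is fed the literal `"******"`, so the field carries no information, and this is a third masking style next to `redact_query/1` and `?LOG_SENSITIVE` used elsewhere in the same patch. Dropping the field is simpler: remove `Password=~p, ` from the format string and pass `[ClientId, Username, Channel]`. The `#state{}` construction continues outside the hunk; if the password is also kept in the process state, crash reports and `sys:get_status/1` output would still print it unless a `format_status` callback redacts it, which is worth checking alongside this change.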
@@ -65,7 +65,8 @@ coap_get(ChId, ?MQTT_PREFIX, Path, Query, _Content) ->
 {error, internal_server_error}
 end;
 coap_get(ChId, Prefix, Path, Query, _Content) ->
- ?LOG(error, "ignore bad get request ChId=~p, Prefix=~p, Path=~p, Query=~p", [ChId, Prefix, Path, Query]),
+ ?LOG(error, "ignore bad get request ChId=~p, Prefix=~p, Path=~p, Query=~p",
+ [ChId, Prefix, Path, redact_query(Query)]),
 {error, bad_request}.
 coap_post(_ChId, _Prefix, _Topic, _Content) ->
@@ -149,3 +150,10 @@ topic([Path | TopicPath]) ->
 <>
 end.
+redact_query(Auths) ->
+ lists:map(fun(<<$p, $=, _Rest/binary>>) ->
+ <<$p, $=, "******">>;
+ (E) ->
+ E
+ end,
+ Auths).
diff --git a/apps/emqx_exproto/src/emqx_exproto_gsvr.erl b/apps/emqx_exproto/src/emqx_exproto_gsvr.erl
index 91d119c9a..7c6d9d62b 100644
--- a/apps/emqx_exproto/src/emqx_exproto_gsvr.erl
+++ b/apps/emqx_exproto/src/emqx_exproto_gsvr.erl
@@ -60,7 +60,7 @@ close(Req = #{conn := Conn}, Md) ->
 authenticate(Req = #{conn := Conn, password := Password, clientinfo := ClientInfo}, Md) ->
- ?LOG(debug, "Recv ~p function with request ~0p", [?FUNCTION_NAME, Req]),
+ ?LOG_SENSITIVE(debug, "Recv ~p function with request ~0p", [?FUNCTION_NAME, Req]),
 case validate(clientinfo, ClientInfo) of
 false ->
 {ok, response({error, ?RESP_REQUIRED_PARAMS_MISSED}), Md};
From 0d2f1eb49e6cef67f82f55833a4d9b682b91cecb Mon Sep 17 00:00:00 2001
From: firest
Date: Tue, 22 Nov 2022 17:31:59 +0800
Subject: [PATCH 2/2] chore: update appup
---
 apps/emqx_exproto/src/emqx_exproto.appup.src | 34 ++++++++++++++------
 1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/apps/emqx_exproto/src/emqx_exproto.appup.src b/apps/emqx_exproto/src/emqx_exproto.appup.src
index e97296a68..2fe600492 100644
--- a/apps/emqx_exproto/src/emqx_exproto.appup.src
+++ b/apps/emqx_exproto/src/emqx_exproto.appup.src
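Review bot: `redact_query/1`, added at the end of emqx_coap_resource.erl, masks only list elements that are binaries starting with exactly `p=`, and it has no spec, comment or test stating that contract; its parameter is also named `Auths` although both `coap_get/5` call sites pass the whole query list. `get_auth/1` is not part of this patch, so it is worth confirming that it accepts the password under no other spelling than `p=`, otherwise such a value would still reach the log. I would add `-spec redact_query([binary()]) -> [binary()].` with a one-line comment saying that the value of the `p=` element is replaced before logging, rename the parameter to `Query`, and add a unit test with a query that contains a `p=` element. Since `Query` comes from the request, it is also worth confirming it is always a proper list, because `lists:map/2` raises on anything else and the second `coap_get/5` clause is the bad-request path.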
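Review bot: In `authenticate/2` of emqx_exproto_gsvr.erl the switch to `?LOG_SENSITIVE` relies on a macro whose definition is not in this patch, so the diff alone does not show that the `password` key inside `Req` is masked; `Req` is a map nested in the argument list, and the redaction has to descend into it. A test that logs an authenticate request at debug level and asserts the password value is absent from the output would pin this down. A short comment above the call, such as `%% Req carries the client password; log via ?LOG_SENSITIVE only`, would keep a later edit from reverting to `?LOG`. The function body continues outside the hunk, so any later log of `Password` or `Req` there is not covered by this note.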
@@ -1,17 +1,24 @@
 %% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
- [{"4.3.12",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
- {"4.3.11",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
+ [{"4.3.12",
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
+ {"4.3.11",
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
 {"4.3.10",
- [{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
 {"4.3.9",
- [{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}]},
 {<<"4\\.3\\.[2-8]">>,
- [{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]},
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
 {<<"4\\.3\\.[0-1]">>,
@@ -20,17 +27,24 @@
 {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
 {<<".*">>,[]}],
- [{"4.3.12",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
- {"4.3.11",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
+ [{"4.3.12",
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
+ {"4.3.11",
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
 {"4.3.10",
- [{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
 {"4.3.9",
- [{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}]},
 {<<"4\\.3\\.[2-8]">>,
- [{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]},
+ [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
+ {load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
 {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
 {<<"4\\.3\\.[0-1]">>,