Merge pull request #9405 from lafirest/fix/pass_leak

fix: hide sensitive data in some logs
lafirest 2022-11-22 19:21:26 +08:00 committed by GitHub
commit c3e80329ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 14 deletions


@ -120,7 +120,7 @@ call(Pid, Msg, _) ->
init({ClientId, Username, Password, Channel}) -> init({ClientId, Username, Password, Channel}) ->
?LOG(debug, "try to start adapter ClientId=~p, Username=~p, Password=~p, " ?LOG(debug, "try to start adapter ClientId=~p, Username=~p, Password=~p, "
"Channel=~0p", [ClientId, Username, Password, Channel]), "Channel=~0p", [ClientId, Username, "******", Channel]),
State0 = #state{peername = Channel, State0 = #state{peername = Channel,
clientid = ClientId, clientid = ClientId,
username = Username, username = Username,
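Review bot: In `init/1` the mask is passed as a literal argument to a `~p` placeholder, so the format string and argument list still read as if a real password were being logged, and a later edit could put `Password` back without anyone noticing. Dropping the placeholder makes the intent explicit: `"try to start adapter ClientId=~p, Username=~p, Channel=~0p", [ClientId, Username, Channel]`. The rest of `init/1` lies outside the hunk, so it is not visible whether `Password` is also stored in `#state{}`. If it is, and assuming this module is a gen_server, crash and termination reports would print it with the state, and a `format_status` callback that masks the field would close that path.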


@ -48,7 +48,7 @@ coap_discover(_Prefix, _Args) ->
[{absolute, [<<"mqtt">>], []}]. [{absolute, [<<"mqtt">>], []}].
coap_get(ChId, ?MQTT_PREFIX, Path, Query, _Content) -> coap_get(ChId, ?MQTT_PREFIX, Path, Query, _Content) ->
?LOG(debug, "coap_get() Path=~p, Query=~p~n", [Path, Query]), ?LOG(debug, "coap_get() Path=~p, Query=~p~n", [Path, redact_query(Query)]),
#coap_mqtt_auth{clientid = Clientid, username = Usr, password = Passwd} = get_auth(Query), #coap_mqtt_auth{clientid = Clientid, username = Usr, password = Passwd} = get_auth(Query),
case emqx_coap_mqtt_adapter:client_pid(Clientid, Usr, Passwd, ChId) of case emqx_coap_mqtt_adapter:client_pid(Clientid, Usr, Passwd, ChId) of
{ok, Pid} -> {ok, Pid} ->
@ -65,7 +65,8 @@ coap_get(ChId, ?MQTT_PREFIX, Path, Query, _Content) ->
{error, internal_server_error} {error, internal_server_error}
end; end;
coap_get(ChId, Prefix, Path, Query, _Content) -> coap_get(ChId, Prefix, Path, Query, _Content) ->
?LOG(error, "ignore bad get request ChId=~p, Prefix=~p, Path=~p, Query=~p", [ChId, Prefix, Path, Query]), ?LOG(error, "ignore bad get request ChId=~p, Prefix=~p, Path=~p, Query=~p",
[ChId, Prefix, Path, redact_query(Query)]),
{error, bad_request}. {error, bad_request}.
coap_post(_ChId, _Prefix, _Topic, _Content) -> coap_post(_ChId, _Prefix, _Topic, _Content) ->
@ -149,3 +150,10 @@ topic([Path | TopicPath]) ->
<<Path/binary, $/, RemTopic/binary>> <<Path/binary, $/, RemTopic/binary>>
end. end.
redact_query(Auths) ->
lists:map(fun(<<$p, $=, _Rest/binary>>) ->
<<$p, $=, "******">>;
(E) ->
E
end,
Auths).
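Review bot: `redact_query/1` masks only list elements that begin with the exact bytes `p=`, and nothing in the visible lines ties that prefix to what `get_auth/1` accepts as the password option. `get_auth/1` is defined outside this page, so if it treats keys differently (case, or other secret-bearing parameters), those values would still reach the log. A comment above the function such as `%% Masks the password option before logging; keep in sync with get_auth/1`, together with a unit test on a constructed query list, would pin the contract. Separately, the second `coap_get` clause logs requests already classified as bad, and `lists:map/2` raises on anything that is not a proper list. If `Query` can be malformed there, a guarded head `redact_query(Auths) when is_list(Auths) ->` plus a fallback clause `redact_query(_) -> redacted.` keeps the log call from crashing the handler.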


@ -1,17 +1,24 @@
%% -*- mode: erlang -*- %% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!! %% Unless you know what you are doing, DO NOT edit manually!!
{VSN, {VSN,
[{"4.3.12",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]}, [{"4.3.12",
{"4.3.11",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
{"4.3.11",
[{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
{"4.3.10", {"4.3.10",
[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
{"4.3.9", {"4.3.9",
[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[2-8]">>, {<<"4\\.3\\.[2-8]">>,
[{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[0-1]">>, {<<"4\\.3\\.[0-1]">>,
@ -20,17 +27,24 @@
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}], {<<".*">>,[]}],
[{"4.3.12",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]}, [{"4.3.12",
{"4.3.11",[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
{"4.3.11",
[{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}]},
{"4.3.10", {"4.3.10",
[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
{"4.3.9", {"4.3.9",
[{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[2-8]">>, {<<"4\\.3\\.[2-8]">>,
[{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]}, [{load_module,emqx_exproto_gsvr,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_gcli,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]}, {load_module,emqx_exproto_conn,brutal_purge,soft_purge,[]},
{load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]}, {load_module,emqx_exproto_channel,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[0-1]">>, {<<"4\\.3\\.[0-1]">>,


@ -60,7 +60,7 @@ close(Req = #{conn := Conn}, Md) ->
authenticate(Req = #{conn := Conn, authenticate(Req = #{conn := Conn,
password := Password, password := Password,
clientinfo := ClientInfo}, Md) -> clientinfo := ClientInfo}, Md) ->
?LOG(debug, "Recv ~p function with request ~0p", [?FUNCTION_NAME, Req]), ?LOG_SENSITIVE(debug, "Recv ~p function with request ~0p", [?FUNCTION_NAME, Req]),
case validate(clientinfo, ClientInfo) of case validate(clientinfo, ClientInfo) of
false -> false ->
{ok, response({error, ?RESP_REQUIRED_PARAMS_MISSED}), Md}; {ok, response({error, ?RESP_REQUIRED_PARAMS_MISSED}), Md};
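Review bot: `authenticate/2` still hands the whole `Req` map to the log call, and the function head shows that map carries `password`, so whether the secret is actually kept out of the log now depends entirely on `?LOG_SENSITIVE`, whose definition is not on this page. The other two files in this commit mask the value at the call site, and doing the same here would not rely on the macro: `[?FUNCTION_NAME, Req#{password := <<"******">>}]`. If the macro is instead meant to suppress or tag the message, a one-line comment at the call saying so would help the next reader. The body of `authenticate/2` continues past the end of the hunk.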