From e64587f3daeb06054afba04f35816b6eb89977a3 Mon Sep 17 00:00:00 2001 From: Shawn <506895667@qq.com> Date: Thu, 15 Jun 2023 14:58:03 +0800 Subject: [PATCH] fix: password leaks from rule engine logs --- apps/emqx_rule_engine/include/rule_engine.hrl | 6 ++++-- apps/emqx_rule_engine/src/emqx_rule_actions.erl | 1 - apps/emqx_rule_engine/src/emqx_rule_engine.erl | 1 - .../src/emqx_rule_engine_api.erl | 17 ++++++++--------- apps/emqx_rule_engine/src/emqx_rule_events.erl | 5 ++--- apps/emqx_rule_engine/src/emqx_rule_monitor.erl | 3 +-- .../emqx_rule_engine/src/emqx_rule_registry.erl | 4 +--- apps/emqx_rule_engine/src/emqx_rule_runtime.erl | 1 - .../src/emqx_rule_sqltester.erl | 1 - apps/emqx_rule_engine/src/emqx_rule_utils.erl | 1 - rebar.config | 2 +- 11 files changed, 17 insertions(+), 25 deletions(-) diff --git a/apps/emqx_rule_engine/include/rule_engine.hrl b/apps/emqx_rule_engine/include/rule_engine.hrl index fe2cc1880..da53bc01d 100644 --- a/apps/emqx_rule_engine/include/rule_engine.hrl +++ b/apps/emqx_rule_engine/include/rule_engine.hrl @@ -14,6 +14,8 @@ %% limitations under the License. %%-------------------------------------------------------------------- +-include_lib("emqx/include/logger.hrl"). + -define(APP, emqx_rule_engine). -define(KV_TAB, '@rule_engine_db'). @@ -186,11 +188,11 @@ case lists:filter(fun(ResParttern) -> false; (_) -> true end, ResL) of [] -> ResL; ErrL -> - ?LOG(error, "cluster_call error found, ResL: ~p", [ResL]), + ?LOG_SENSITIVE(error, "cluster_call error found, ResL: ~p", [ResL]), throw({Func, ErrL}) end; {ResL, BadNodes} -> - ?LOG(error, "cluster_call bad nodes found: ~p, ResL: ~p", [BadNodes, ResL]), + ?LOG_SENSITIVE(error, "cluster_call bad nodes found: ~p, ResL: ~p", [BadNodes, ResL]), throw({Func, {failed_on_nodes, BadNodes}}) end end()). diff --git a/apps/emqx_rule_engine/src/emqx_rule_actions.erl b/apps/emqx_rule_engine/src/emqx_rule_actions.erl index 4351a5410..d51ee61b6 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_actions.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_actions.erl @@ -20,7 +20,6 @@ -include("rule_engine.hrl"). -include("rule_actions.hrl"). -include_lib("emqx/include/emqx.hrl"). --include_lib("emqx/include/logger.hrl"). -define(BAD_TOPIC_WITH_WILDCARD, wildcard_topic_not_allowed_for_publish). diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.erl b/apps/emqx_rule_engine/src/emqx_rule_engine.erl index 03ae80bd9..9571ae221 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.erl @@ -17,7 +17,6 @@ -module(emqx_rule_engine). -include("rule_engine.hrl"). --include_lib("emqx/include/logger.hrl"). -export([ load_providers/0 , unload_providers/0 diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine_api.erl b/apps/emqx_rule_engine/src/emqx_rule_engine_api.erl index 951f9b4f2..2c0dba552 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine_api.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_engine_api.erl @@ -19,7 +19,6 @@ -behaviour(gen_server). -include("rule_engine.hrl"). --include_lib("emqx/include/logger.hrl"). -logger_header("[RuleEngineAPI]"). @@ -329,7 +328,7 @@ do_create_rule(Params) -> error -> do_create_rule2(ParsedParams) end; {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. @@ -339,7 +338,7 @@ do_create_rule2(ParsedParams) -> {error, {action_not_found, ActionName}} -> return({error, 400, ?ERR_NO_ACTION(ActionName)}); {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. @@ -352,11 +351,11 @@ delegate_update_rule(#{id := Id0}, Params) -> {error, {not_found, RuleId}} -> return({error, 400, ?ERR_NO_RULE(RuleId)}); {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end; {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. @@ -409,7 +408,7 @@ delegate_create_resource(#{}, Params) -> fun() -> do_create_resource(create_resource, ParsedParams) end, Params); {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. @@ -434,7 +433,7 @@ do_create_resource2(Create, ParsedParams) -> {error, {init_resource, _}} -> return({error, 500, <<"Init resource failure!">>}); {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. @@ -483,7 +482,7 @@ delegate_start_resource(#{id := Id0}, _Params) -> {error, {resource_not_found, ResId}} -> return({error, 400, ?ERR_NO_RESOURCE(ResId)}); {error, Reason} -> - ?LOG(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), + ?LOG_SENSITIVE(error, "~p failed: ~0p", [?FUNCTION_NAME, Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. @@ -508,7 +507,7 @@ delegate_update_resource(#{id := Id0}, NewParams) -> {error, {dependent_rules_exists, RuleIds}} -> return({error, 400, ?ERR_DEP_RULES_EXISTS(RuleIds)}); {error, Reason} -> - ?LOG(error, "Resource update failed: ~0p", [Reason]), + ?LOG_SENSITIVE(error, "Resource update failed: ~0p", [Reason]), return({error, 400, ?ERR_BADARGS(Reason)}) end. diff --git a/apps/emqx_rule_engine/src/emqx_rule_events.erl b/apps/emqx_rule_engine/src/emqx_rule_events.erl index f5c18d639..b15419ded 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_events.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_events.erl @@ -16,11 +16,10 @@ -module(emqx_rule_events). +-logger_header("[RuleEvents]"). + -include("rule_engine.hrl"). -include_lib("emqx/include/emqx.hrl"). --include_lib("emqx/include/logger.hrl"). - --logger_header("[RuleEvents]"). -export([ load/1 , unload/0 diff --git a/apps/emqx_rule_engine/src/emqx_rule_monitor.erl b/apps/emqx_rule_engine/src/emqx_rule_monitor.erl index 4e4d4ebe1..19fa2c56b 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_monitor.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_monitor.erl @@ -18,9 +18,8 @@ -behavior(gen_server). --include("rule_engine.hrl"). --include_lib("emqx/include/logger.hrl"). -logger_header("[Rule Monitor]"). +-include("rule_engine.hrl"). -export([init/1, handle_call/3, diff --git a/apps/emqx_rule_engine/src/emqx_rule_registry.erl b/apps/emqx_rule_engine/src/emqx_rule_registry.erl index 37bca84aa..7b038e97a 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_registry.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_registry.erl @@ -18,10 +18,8 @@ -behaviour(gen_server). --include("rule_engine.hrl"). --include_lib("emqx/include/logger.hrl"). - -logger_header("[RuleRegistry]"). +-include("rule_engine.hrl"). -export([start_link/0]). diff --git a/apps/emqx_rule_engine/src/emqx_rule_runtime.erl b/apps/emqx_rule_engine/src/emqx_rule_runtime.erl index 56c64924f..44fa65c44 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_runtime.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_runtime.erl @@ -19,7 +19,6 @@ -include("rule_engine.hrl"). -include("rule_actions.hrl"). -include_lib("emqx/include/emqx.hrl"). --include_lib("emqx/include/logger.hrl"). -export([ apply_rule/2 , apply_rules/2 diff --git a/apps/emqx_rule_engine/src/emqx_rule_sqltester.erl b/apps/emqx_rule_engine/src/emqx_rule_sqltester.erl index 6ee2c3209..241cea493 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_sqltester.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_sqltester.erl @@ -15,7 +15,6 @@ -module(emqx_rule_sqltester). -include("rule_engine.hrl"). --include_lib("emqx/include/logger.hrl"). -export([ test/1 ]). diff --git a/apps/emqx_rule_engine/src/emqx_rule_utils.erl b/apps/emqx_rule_engine/src/emqx_rule_utils.erl index 78d77ed58..ea376f1ef 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_utils.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_utils.erl @@ -17,7 +17,6 @@ -module(emqx_rule_utils). -include("rule_engine.hrl"). --include_lib("emqx/include/logger.hrl"). -export([ replace_var/2 ]). diff --git a/rebar.config b/rebar.config index 31b06bb0f..ac2894b57 100644 --- a/rebar.config +++ b/rebar.config @@ -52,7 +52,7 @@ , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.8.1.11"}}} , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "3.0.1"}}} , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v3.3.6"}}} - , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.11"}}} + , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.12"}}} , {ecpool, {git, "https://github.com/emqx/ecpool", {tag, "0.5.2"}}} , {replayq, {git, "https://github.com/emqx/replayq", {tag, "0.3.5"}}} , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}