yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(node_dump): Attempt to censor passwords

This commit is contained in:
k32 2021-05-04 20:52:00 +02:00 committed by Zaiming (Stone) Shi
parent d913a7d20d
commit e6c85dfb04
2 changed files with 75 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bin/node_dump
View File

@ -12,14 +12,15 @@ DUMP="log/node_dump_$(date +"%y%m%d_%H%M%S").tar.gz"
collect() { collect() {
echo "========================================================" echo "========================================================"
echo " $@" echo " $*"
echo "========================================================" echo "========================================================"
eval $@ || echo "Unavailable" eval "$*" || echo "Unavailable"
echo -e '\n' echo -e '\n'
} }
{ {
collect bin/emqx_ctl broker collect bin/emqx_ctl broker
collect bin/emqx eval "'emqx_node_dump:sys_info()'"
collect uname -a collect uname -a
collect uptime collect uptime
@ -33,9 +34,9 @@ collect() {
collect bin/emqx_ctl listeners collect bin/emqx_ctl listeners
} > log/sysinfo.txt } > log/sysinfo.txt
bin/emqx eval 'ets:tab2list(ac_tab)' > log/conf.dump bin/emqx eval 'emqx_node_dump:app_env_dump()' > log/conf.dump
tar czf $DUMP log/*.log.* log/run_erl.log* log/sysinfo.txt log/conf.dump tar czf "${DUMP}" log/*.log.* log/run_erl.log* log/sysinfo.txt log/conf.dump
## Cleanup: ## Cleanup:
rm log/sysinfo.txt rm log/sysinfo.txt

70
src/emqx_node_dump.erl Normal file
View File

@ -0,0 +1,70 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
%% Collection of functions for creating node dumps
-module(emqx_node_dump).
-export([ sys_info/0
, app_env_dump/0
]).
sys_info() ->
#{ release => emqx_app:get_release()
, otp_version => emqx_vm:get_otp_version()
}.
app_env_dump() ->
censor(ets:tab2list(ac_tab)).
censor([]) ->
[];
censor([{{env, App, Key}, Val} | Rest]) ->
[{{env, App, Key}, censor([Key, App], Val)} | censor(Rest)];
censor([_ | Rest]) ->
censor(Rest).
censor(Path, L) when is_list(L) ->
[censor(Path, I) || I <- L];
censor(Path, M) when is_map(M) ->
Fun = fun(Key, Val) ->
censor([Key|Path], Val)
end,
maps:map(Fun, M);
censor(Path, {Key, Val}) when is_atom(Key) ->
{Key, censor([Key|Path], Val)};
censor(Path, Val) ->
case Path of
[password|_] when is_binary(Val) ->
<<"censored">>;
[password|_] when is_list(Val) ->
"censored";
_ ->
Val
end.
-ifdef(TEST).
-include_lib("eunit/include/eunit.hrl").
censor_test() ->
?assertMatch( [{{env, emqx, listeners}, #{password := <<"censored">>}}]
, censor([foo, {{env, emqx, listeners}, #{password => <<"secret">>}}, {app, bar}])
),
?assertMatch( [{{env, emqx, listeners}, [{foo, 1}, {password, <<"censored">>}]}]
, censor([{{env, emqx, listeners}, [{foo, 1}, {password, <<"secret">>}]}])
).
-endif. %% TEST