
openstack-nova-2011.3.1-11.fc16.src.rpm

From 552a53d49d7fbf190f1478b110f6934ebb0620c4 Mon Sep 17 00:00:00 2001
From: Russell Bryant <rbryant@redhat.com>
Date: Thu, 9 Feb 2012 09:39:15 -0500
Subject: [PATCH] Don't log sensitive data in compute log file.

Sanitize run_instance's admin_password argument from
nova.rpc 'received' debug logging. Fixes bug 915025.

Sanitize new_pass from set_admin_password.  Fixes bug 920687.

Manually merged from:
  ccbc940211c348940ca9766ef60328302a080f9a
  fa10e7ad5b3f6ab5de5b7b187da7a8bf05a263d5

Change-Id: I3af8263f88ef2e68d5d7f6d8c4824737fffcf461
---
 Authors                 |    1 +
 nova/rpc/common.py      |   21 +++++++++++++++++++++
 nova/rpc/impl_carrot.py |    3 ++-
 nova/rpc/impl_kombu.py  |    3 ++-
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/Authors b/Authors
index 49706a1..de37b1d 100644
--- a/Authors
+++ b/Authors
@@ -110,6 +110,7 @@ Ricardo Carrillo Cruz <emaildericky@gmail.com>
 Rick Clark <rick@openstack.org>
 Rick Harris <rconradharris@gmail.com>
 Rob Kost <kost@isi.edu>
+Russell Bryant <rbryant@redhat.com>
 Ryan Lane <rlane@wikimedia.org>
 Ryan Lucio <rlucio@internap.com>
 Ryu Ishimoto <ryu@midokura.jp>
diff --git a/nova/rpc/common.py b/nova/rpc/common.py
index b8c2806..7bfe59a 100644
--- a/nova/rpc/common.py
+++ b/nova/rpc/common.py
@@ -1,3 +1,5 @@
+import copy
+
 from nova import exception
 from nova import flags
 from nova import log as logging
@@ -27,3 +29,22 @@ class RemoteError(exception.Error):
         super(RemoteError, self).__init__('%s %s\n%s' % (exc_type,
                                                          value,
                                                          traceback))
+
+
+def _safe_log(log_func, msg, msg_data):
+    """Sanitizes the msg_data field before logging."""
+    SANITIZE = {
+                'set_admin_password': ('new_pass',),
+                'run_instance': ('admin_password',),
+               }
+    method = msg_data['method']
+    if method in SANITIZE:
+        msg_data = copy.deepcopy(msg_data)
+        args_to_sanitize = SANITIZE[method]
+        for arg in args_to_sanitize:
+            try:
+                msg_data['args'][arg] = "<SANITIZED>"
+            except KeyError:
+                pass
+
+    return log_func(msg, msg_data)
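Review bot: `method = msg_data['method']` in `_safe_log` raises KeyError for a message with no 'method' key, so a malformed message now fails inside the logging helper before the caller's own handling runs; the impl_kombu call site reads the same field with `message_data.get('method')` straight after the call. `method = msg_data.get('method')` avoids that, and `if method in SANITIZE` still works when the result is None. The `try/except KeyError` around `msg_data['args'][arg] = "<SANITIZED>"` only fires when 'args' is missing; if 'args' is present but the argument was not passed, the assignment adds a placeholder entry to the logged copy, so a guard such as `if arg in msg_data.get('args', {}):` would keep the log faithful to the message. SANITIZE is a per-method denylist, so any other RPC method carrying a secret is still logged in full; a comment such as `# Any RPC method that takes a secret must be listed here, or it is logged verbatim at debug level` would make that obligation visible.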
diff --git a/nova/rpc/impl_carrot.py b/nova/rpc/impl_carrot.py
index 57fd074..f68f2b8 100644
--- a/nova/rpc/impl_carrot.py
+++ b/nova/rpc/impl_carrot.py
@@ -43,6 +43,7 @@ from nova import context
 from nova import exception
 from nova import fakerabbit
 from nova import flags
+import nova.rpc.common as rpc_common
 from nova.rpc.common import RemoteError, LOG
 
 # Needed for tests
@@ -252,7 +253,7 @@ class AdapterConsumer(Consumer):
         Example: {'method': 'echo', 'args': {'value': 42}}
 
         """
-        LOG.debug(_('received %s') % message_data)
+        rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
         # This will be popped off in _unpack_context
         msg_id = message_data.get('_msg_id', None)
         ctxt = _unpack_context(message_data)
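Review bot: `rpc_common._safe_log` carries a leading underscore that marks it module-private, yet it is called from another module here and again in the impl_kombu hunk (ProxyCallback). Since it is the shared sanitising entry point for both RPC drivers, a public name such as `safe_log` would match how it is used and make it less likely to be dropped in a later refactor of common.py. The enclosing method starts outside this hunk, so whether `message_data` is logged elsewhere in it cannot be checked from here.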
diff --git a/nova/rpc/impl_kombu.py b/nova/rpc/impl_kombu.py
index b9058f3..403c094 100644
--- a/nova/rpc/impl_kombu.py
+++ b/nova/rpc/impl_kombu.py
@@ -33,6 +33,7 @@ import greenlet
 from nova import context
 from nova import exception
 from nova import flags
+import nova.rpc.common as rpc_common
 from nova.rpc.common import RemoteError, LOG
 
 # Needed for tests
@@ -597,7 +598,7 @@ class ProxyCallback(object):
         Example: {'method': 'echo', 'args': {'value': 42}}
 
         """
-        LOG.debug(_('received %s') % message_data)
+        rpc_common._safe_log(LOG.debug, _('received %s'), message_data)
         ctxt = _unpack_context(message_data)
         method = message_data.get('method')
         args = message_data.get('args', {})