apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-12-16 10:32:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix API Request Parameters Logged Credential Masking in ApiServer (#12020)

Browse Source
This commit is contained in:
YoulongChen 2025-11-12 15:36:19 +08:00 committed by GitHub
parent d26122bf22
commit 81787b310e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
server/src/main/java/com/cloud/api/ApiServer.java
View File

@ -39,6 +39,7 @@ import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Arrays;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.TimeZone; import java.util.TimeZone;
@ -244,6 +245,12 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
@Inject @Inject
private MessageBus messageBus; private MessageBus messageBus;
private static final Set<String> sensitiveFields = new HashSet<>(Arrays.asList(
"password", "secretkey", "apikey", "token",
"sessionkey", "accesskey", "signature",
"authorization", "credential", "secret"
));
private static final ConfigKey<Integer> IntegrationAPIPort = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED private static final ConfigKey<Integer> IntegrationAPIPort = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED
, Integer.class , Integer.class
, "integration.api.port" , "integration.api.port"
@ -610,10 +617,23 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
logger.error("invalid request, no command sent"); logger.error("invalid request, no command sent");
if (logger.isTraceEnabled()) { if (logger.isTraceEnabled()) {
logger.trace("dumping request parameters"); logger.trace("dumping request parameters");
for (final Object key : params.keySet()) {
final String keyStr = (String)key; for (final Object key : params.keySet()) {
final String[] value = (String[])params.get(key); final String keyStr = (String) key;
logger.trace(" key: " + keyStr + ", value: " + ((value == null) ? "'null'" : value[0])); final String[] value = (String[]) params.get(key);
String lowerKeyStr = keyStr.toLowerCase();
boolean isSensitive = sensitiveFields.stream()
.anyMatch(lowerKeyStr::contains);
String logValue;
if (isSensitive) {
logValue = "******"; // mask sensitive values
} else {
logValue = (value == null) ? "'null'" : value[0];
}
logger.trace(" key: " + keyStr + ", value: " + logValue);
} }
} }
throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent"); throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent");