CLOUDSTACK-5942: The agent at places logs the password of the user. It should mask the

password from the message string before writing to the log. Made a change to do so.
2025-10-26 08:42:29 +01:00 · 2014-01-24 20:53:42 +05:30 · 2014-01-24 20:53:42 +05:30 · aab881be21
commit aab881be21
parent dad98ef4de
3 changed files with 23 additions and 13 deletions
--- a/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/CloudStackTypes.cs
+++ b/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/CloudStackTypes.cs
@ -254,7 +254,7 @@ namespace HypervResource
                // Assert
                if (result.dataStore == null || (result.primaryDataStore == null && result.nfsDataStore == null))
                {
-                    String errMsg = "VolumeObjectTO missing dataStore in spec " + volumeObjectTOJson.ToString();
+                    String errMsg = "VolumeObjectTO missing dataStore in spec " + Utils.CleanString(volumeObjectTOJson.ToString());
                    logger.Error(errMsg);
                    throw new ArgumentNullException(errMsg);
                }
@ -292,7 +292,7 @@ namespace HypervResource
                }
                else
                {
-                    String errMsg = "VolumeObjectTO missing dataStore in spec " + volInfo.ToString();
+                    String errMsg = "VolumeObjectTO missing dataStore in spec " + Utils.CleanString(volInfo.ToString());
                    logger.Error(errMsg);
                    throw new ArgumentNullException(errMsg);
                }
--- a/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/HypervResourceController.cs
+++ b/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/HypervResourceController.cs
@ -207,7 +207,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.AttachCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.AttachCommand + Utils.CleanString(cmd.ToString()));
                string details = null;
                bool result = false;
@ -268,7 +268,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.DettachCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.DettachCommand + Utils.CleanString(cmd.ToString()));
                string details = null;
                bool result = false;
@ -485,7 +485,7 @@ namespace HypervResource
        {
            JObject ansObj = Utils.CreateCloudStackObject(ansType, ansContent);
            JArray answer = new JArray(ansObj);
-            logger.Info(ansObj.ToString());
+            logger.Info(Utils.CleanString(ansObj.ToString()));
            return answer;
        }
@ -496,7 +496,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.CreateCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CreateCommand + Utils.CleanString(cmd.ToString()));
                string details = null;
                bool result = false;
@ -603,7 +603,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.PrimaryStorageDownloadCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.PrimaryStorageDownloadCommand + Utils.CleanString(cmd.ToString()));
                string details = null;
                bool result = false;
                long size = 0;
@ -871,7 +871,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.CreateStoragePoolCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CreateStoragePoolCommand + Utils.CleanString(cmd.ToString()));
                object ansContent = new
                {
                    result = true,
@ -889,7 +889,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.ModifyStoragePoolCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.ModifyStoragePoolCommand + Utils.CleanString(cmd.ToString()));
                string details = null;
                string localPath;
                StoragePoolType poolType;
@ -1045,7 +1045,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.StartCommand + cmd.ToString()); // TODO: Security hole? VM data printed to log
+                logger.Info(CloudStackTypes.StartCommand + Utils.CleanString(cmd.ToString()));
                string details = null;
                bool result = false;
@ -1144,7 +1144,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.CreateObjectCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CreateObjectCommand + Utils.CleanString(cmd.ToString()));
                bool result = false;
                string details = null;
@ -1315,7 +1315,7 @@ namespace HypervResource
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
                // Log command *after* we've removed security details from the command.
-                logger.Info(CloudStackTypes.CopyCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.CopyCommand + Utils.CleanString(cmd.ToString()));
                bool result = false;
                string details = null;
@ -1691,7 +1691,7 @@ namespace HypervResource
        {
            using (log4net.NDC.Push(Guid.NewGuid().ToString()))
            {
-                logger.Info(CloudStackTypes.GetStorageStatsCommand + cmd.ToString());
+                logger.Info(CloudStackTypes.GetStorageStatsCommand + Utils.CleanString(cmd.ToString()));
                bool result = false;
                string details = null;
                long capacity = 0;
--- a/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/Utils.cs
+++ b/plugins/hypervisors/hyperv/DotNet/ServerResource/HypervResource/Utils.cs
@ -164,6 +164,16 @@ namespace HypervResource
            capacity = totalNumberOfBytes > 0 ? (long)totalNumberOfBytes : 0;
        }
        public static string CleanString(string stringToClean)
        {
            string cleanString = null;
            string regexQueryString = "(&|%26)?(password|accesskey|secretkey)(=|%3D).*?(?=(%26|[&'\"]))";
            string regexJson = "\"(password|accesskey|secretkey)\":\".*?\",?";
            cleanString = System.Text.RegularExpressions.Regex.Replace(stringToClean, regexQueryString, "");
            cleanString = System.Text.RegularExpressions.Regex.Replace(cleanString, regexJson, "");
            return cleanString;
        }
        // from http://stackoverflow.com/a/2541569/939250
        #region imports
        [DllImport("advapi32.dll", SetLastError = true)]