commit f2c279bae94689e2062beb6d0030d168a0b4cbdf
Author: Matthew Oliver <email address hidden>
Date: Thu Feb 3 16:29:53 2022 +1100
Trim sensitive information in the logs (CVE-2017-8761)
Several headers and query params were previously revealed in logs but
are now redacted:
* X-Auth-Token header (previously redacted in the {auth_token} field,
but not the {headers} field)
* temp_url_sig query param (used by tempurl middleware)
* Authorization header and X-Amz-Signature and Signature query
parameters (used by s3api middleware)
This patch adds some new middleware helper methods to track headers and
query parameters that should be redacted by proxy-logging. While
instantiating the middleware, authors can call either:
to add items that should be redacted. The redaction uses proxy-logging's
existing reveal_sensitive_prefix config option to determine how much to
reveal.
Note that query params will still be logged in their entirety if
eventlet_debug is enabled.
UpgradeImpact
=============
The reveal_sensitive_prefix config option now applies to more items;
operators should review their currently-configured value to ensure it
is appropriate for these new contexts. In particular, operators should
consider reducing the value if it is more than 20 or so, even if that
previously offered sufficient protection for auth tokens.
Co-Authored-By: Tim Burke <email address hidden>
Closes-Bug: #1685798
Change-Id: I88b8cfd30292325e0870029058da6fb38026ae1a
Reviewed: https:/ /review. opendev. org/c/openstack /swift/ +/822585 /opendev. org/openstack/ swift/commit/ f2c279bae94689e 2062beb6d0030d1 68a0b4cbdf
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit f2c279bae94689e 2062beb6d0030d1 68a0b4cbdf
Author: Matthew Oliver <email address hidden>
Date: Thu Feb 3 16:29:53 2022 +1100
Trim sensitive information in the logs (CVE-2017-8761)
Several headers and query params were previously revealed in logs but
are now redacted:
* X-Auth-Token header (previously redacted in the {auth_token} field,
but not the {headers} field)
* temp_url_sig query param (used by tempurl middleware)
* Authorization header and X-Amz-Signature and Signature query
parameters (used by s3api middleware)
This patch adds some new middleware helper methods to track headers and
query parameters that should be redacted by proxy-logging. While
instantiating the middleware, authors can call either:
to add items that should be redacted. The redaction uses proxy-logging's sensitive_ prefix config option to determine how much to
existing reveal_
reveal.
Note that query params will still be logged in their entirety if
eventlet_debug is enabled.
UpgradeImpact sensitive_ prefix config option now applies to more items; configured value to ensure it
=============
The reveal_
operators should review their currently-
is appropriate for these new contexts. In particular, operators should
consider reducing the value if it is more than 20 or so, even if that
previously offered sufficient protection for auth tokens.
Co-Authored-By: Tim Burke <email address hidden> 5e0870029058da6 fb38026ae1a
Closes-Bug: #1685798
Change-Id: I88b8cfd3029232