hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Work logged] (HADOOP-17618) ABFS: Partially obfuscate SAS object IDs in Logs
Date Thu, 01 Apr 2021 07:16:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-17618?focusedWorklogId=575356&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-575356
]

ASF GitHub Bot logged work on HADOOP-17618:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 01/Apr/21 07:15
            Start Date: 01/Apr/21 07:15
    Worklog Time Spent: 10m 
      Work Description: vinaysbadami commented on a change in pull request #2845:
URL: https://github.com/apache/hadoop/pull/2845#discussion_r605424939



##########
File path: hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsHttpOperation.java
##########
@@ -558,6 +560,24 @@ public String getSignatureMaskedEncodedUrl() {
     return this.maskedEncodedUrl;
   }
 
+  public void maskSASObjectIDs() {
+    int oidStartIdx, ampIdx, oidEndIndex, qpStrIdx;
+    for (String qpKey : SAS_OID_PARAM_KEYS) {
+      qpStrIdx = maskedUrl.indexOf('&' + qpKey);

Review comment:
       this.maskedUrl to be consistent with rest of file

##########
File path: hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsHttpOperation.java
##########
@@ -558,6 +560,24 @@ public String getSignatureMaskedEncodedUrl() {
     return this.maskedEncodedUrl;
   }
 
+  public void maskSASObjectIDs() {
+    int oidStartIdx, ampIdx, oidEndIndex, qpStrIdx;
+    for (String qpKey : SAS_OID_PARAM_KEYS) {
+      qpStrIdx = maskedUrl.indexOf('&' + qpKey);
+      if (qpStrIdx == -1) {
+        qpStrIdx = maskedUrl.indexOf('?' + qpKey);
+        if (qpStrIdx == -1) {
+          continue;
+        }
+      }
+      oidStartIdx = qpStrIdx + qpKey.length() + 1;
+      ampIdx = maskedUrl.indexOf("&", oidStartIdx);
+      oidEndIndex = (ampIdx != -1) ? ampIdx : maskedUrl.length();
+      maskedUrl = maskedUrl.substring(0, oidStartIdx + 5) + "XXXX" + maskedUrl
+          .substring(oidEndIndex);
+    }

Review comment:
       should we move all the masking logic to a single static method that takes a string
and returns a masked string
   that will make testing easier.
   Also should we look at this method in a utils class to keep this class cleaner

##########
File path: hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/services/AbfsHttpOperation.java
##########
@@ -558,6 +560,24 @@ public String getSignatureMaskedEncodedUrl() {
     return this.maskedEncodedUrl;
   }
 
+  public void maskSASObjectIDs() {
+    int oidStartIdx, ampIdx, oidEndIndex, qpStrIdx;

Review comment:
       move to point of first use




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 575356)
    Time Spent: 1h 10m  (was: 1h)

> ABFS: Partially obfuscate SAS object IDs in Logs
> ------------------------------------------------
>
>                 Key: HADOOP-17618
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17618
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>    Affects Versions: 3.3.1
>            Reporter: Sumangala Patki
>            Assignee: Sumangala Patki
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Delegation SAS tokens are created using various parameters for specifying details such
as permissions and validity. The requests are logged, along with values of all the query parameters.
This change will partially mask values logged for the following object IDs representing the
security principal: skoid, saoid, suoid



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message