From 7c086d6a57051397563d0019bfa8c40b0fd70e5d Mon Sep 17 00:00:00 2001
From: Milan Zamazal
Date: Thu, 8 Sep 2022 12:01:11 +0200
Subject: [PATCH] core: Replace cloud-init password in debug logs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The password is currently replaced in meta data but it occurs in user data. Let’s replace it there too.
---
 .../engine/core/vdsbroker/vdsbroker/CloudInitHandler.java | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/CloudInitHandler.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/CloudInitHandler.java
index c4e817b82c5..4c951510e38 100644
--- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/CloudInitHandler.java
+++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/CloudInitHandler.java
@@ -11,6 +11,8 @@
 import java.util.Map;
 import java.util.UUID;
 import java.util.function.Supplier;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
@@ -41,6 +43,7 @@ public class CloudInitHandler {
 private Map networkData;
 private final String passwordKey = "password";
+ private static final Pattern PASSWORD_PATTERN = Pattern.compile("(password: *)'.*'");
 public List validate(VmInit vmInit) {
 // validate only if 'Initial Run' parameters were specified
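Review bot: `PASSWORD_PATTERN` in the second hunk only matches a value wrapped in single quotes, so a password that reaches the user data unquoted, double-quoted or as a YAML block scalar would still be written to the debug log in clear text. Whether the serializer that produces the user data always emits single quotes is not visible in this patch, so the safer choice is to mask everything after the key on that line: `Pattern.compile("(password: *).*")` with the replacement `"$1***"`. That would also match the `"password" : ***` form already used for the meta data. The constant deserves a short comment, for example `// Masks the cloud-init password value in user-data before it is written to the debug log`.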
@@ -118,6 +121,10 @@ public Map getFileData()
 String newStr = String.format("\"%s\" : ***", passwordKey);
 metaDataStr = metaDataStr.replace(oldStr, newStr);
 }
+ if (userDataStr.contains(passwordKey)) {
+ Matcher matcher = PASSWORD_PATTERN.matcher(userDataStr);
+ userDataStr = matcher.replaceAll("$1'***'");
+ }
 log.debug("cloud-init meta-data:\n{}", metaDataStr);
 log.debug("cloud-init user-data:\n{}", userDataStr);
 return files;
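Review bot: The `userDataStr.contains(passwordKey)` guard around the new masking is redundant, because `replaceAll` returns the input unchanged when the pattern does not match. The three added lines can be reduced to `userDataStr = PASSWORD_PATTERN.matcher(userDataStr).replaceAll("$1'***'");`, which also removes the need for the `Matcher` import. getFileData() starts outside this hunk, so it is not visible whether the masking is wrapped in a `log.isDebugEnabled()` check. If it is not, both redactions run on every call even when debug logging is off, and moving them under such a check would keep the redaction next to the only statements that need it. A unit test that feeds user data containing a password line and asserts the logged string no longer contains the value would pin this behaviour.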