Skip to content

Don't log the whole client configurations for security #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
BewareMyPower merged 2 commits into from
Aug 25, 2025
Merged

Don't log the whole client configurations for security #188

BewareMyPower merged 2 commits into from
Aug 25, 2025

Conversation

@BewareMyPower
Copy link
Contributor

@BewareMyPower BewareMyPower commented Aug 21, 2025
edited
Loading

Motivation

pulsar-spark/src/main/scala/org/apache/spark/sql/pulsar/CachedPulsarClient.scala

Line 47 in 59066fc

logInfo(s"Client Conf = ${clientConf}")

The whole client configurations are logged, which might include the secret info whose key is authParams.

Modifications

Remove the logging for the whole client configuration. Actually, in PulsarConfigUpdater.rebuild, set will be called on each configuration, which is already logged here:

pulsar-spark/src/main/scala/org/apache/spark/sql/pulsar/PulsarConfigUpdater.scala

Lines 43 to 46 in 59066fc

logInfo(
s"$module: Set '$key' to " +
s"'${printConfigValue(key, Option(value))}'," +
s" earlier value: '${printConfigValue(key, pulsarParams.get(key))}'")

The printConfigValue method will hide the config of authParams, but it could still print 1/3 of the authParams, which could still leak some info, so just hide the whole authParams

Documentation

Check the box below.

Need to update docs?

  • doc-required
  • no-need-doc
  • doc

@BewareMyPower BewareMyPower requested review from a team and nlu90 as code owners August 21, 2025 15:06
@BewareMyPower BewareMyPower self-assigned this Aug 21, 2025
@github-actions github-actions bot added the no-need-doc This pr does not need any document label Aug 21, 2025
@Anders-Frey
Copy link

Anders-Frey commented Aug 22, 2025

Thanks for picking this up! I would like to add that the shortened print in the set function also reveals a fairly large chunk of the secret involved. Since the function cuts of the last third of the config value, a long value (like a JSON struct) could contain the sensitive information in the first two thirds of the value.

@BewareMyPower
Copy link
Contributor Author

BewareMyPower commented Aug 23, 2025

It makes sense. The whole authParams is hidden now.

@BewareMyPower BewareMyPower merged commit 87d447a into master Aug 25, 2025
2 checks passed
@BewareMyPower BewareMyPower deleted the bewaremypower/config-log-security branch August 25, 2025 08:02
nlu90 pushed a commit that referenced this pull request Aug 26, 2025
@BewareMyPower @nlu90
Don't log the whole client configurations for security (#188)
733cda6
nlu90 pushed a commit that referenced this pull request Sep 16, 2025
@BewareMyPower @nlu90
Don't log the whole client configurations for security (#188)
b953f4f
nlu90 pushed a commit that referenced this pull request Sep 16, 2025
@BewareMyPower @nlu90
Don't log the whole client configurations for security (#188)
982ce3c
nlu90 pushed a commit that referenced this pull request Sep 17, 2025
@BewareMyPower @nlu90
Don't log the whole client configurations for security (#188)
6094d9d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@freeznet freeznet freeznet approved these changes

@jiangpengcheng jiangpengcheng jiangpengcheng approved these changes

@nlu90 nlu90 Awaiting requested review from nlu90 nlu90 is a code owner

Assignees

@BewareMyPower BewareMyPower

Labels

no-need-doc This pr does not need any document

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@BewareMyPower @Anders-Frey @freeznet @jiangpengcheng