Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change key config type to Password. #71

Merged
merged 2 commits into from
Jan 13, 2023
Merged

Change key config type to Password. #71

merged 2 commits into from
Jan 13, 2023

Conversation

mashhurs
Copy link
Contributor

@mashhurs mashhurs commented Dec 5, 2022
edited
Loading

Description

This PR ensures to protect the :key from leaks in the debug logs.

Test

# config
Config:
      input {
        stdin {}
      }
      filter {
          fingerprint {
            key => "super-secret"
          }
      }
      output {
          stdout {
              codec => rubydebug
          }
      }

# Log before change
[2022-12-05T11:15:06,403][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"fingerprint", :type=>"filter", :class=>LogStash::Filters::Fingerprint}
[2022-12-05T11:15:06,406][DEBUG][logstash.filters.fingerprint] config LogStash::Filters::Fingerprint/@key = "super-secret"

# Log after change
[2022-12-05T11:17:12,124][DEBUG][logstash.plugins.registry] On demand adding plugin to the registry {:name=>"fingerprint", :type=>"filter", :class=>LogStash::Filters::Fingerprint}
[2022-12-05T11:17:12,128][DEBUG][logstash.filters.fingerprint] config LogStash::Filters::Fingerprint/@key = <password>

# Unit tests
 mashhur:☆ rspec logstash-plugins/logstash-filter-fingerprint/spec/filters/fingerprint_spec.rb
    Sending Logstash logs to null which is now configured via log4j2.properties
    Run options: exclude {:integration=>true, :redis=>true, :socket=>true, :performance=>true, :couchdb=>true, :elasticsearch=>true, :elasticsearch_secure=>true, :export_cypher=>true, :windows=>true}

    Randomized with seed 63435
    .................................................................................................................................

    Finished in 0.83772 seconds (files took 6.94 seconds to load)
    129 examples, 0 failures

    Randomized with seed 63435

@mashhurs
Change key type to Password.
d5f6eee 
	This change ensures to protect the key from leaks in debug logs.

	Fixes: logstash-plugins#70
	Pull-request: logstash-plugins#70
@mashhurs mashhurs added the bug label Dec 5, 2022
@mashhurs mashhurs self-assigned this Dec 5, 2022
mashhurs
mashhurs commented Dec 5, 2022
View reviewed changes
@mashhurs
Update CHANGELOG PR id.
d1698cb 
Initial PR id was a guess and fixing with real PR id after publishing PR.
roaksoax
roaksoax approved these changes Jan 9, 2023
View reviewed changes
Copy link

@roaksoax roaksoax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@mashhurs
Copy link
Contributor Author

Merging this commit and I believe the error is not related to current changes.
The fix for error already landed with this PR and I will investigate details.

Make sure that `gem install murmurhash3 -v '0.1.7' --source

@mashhurs mashhurs merged commit 713e0f5 into logstash-plugins:main Jan 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roaksoax roaksoax roaksoax approved these changes

Assignees

@mashhurs mashhurs

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change key config to Password type.
2 participants
@mashhurs @roaksoax