Bug #27501

Private keys found in debug log

Added by Jorick Astrego about 1 year ago. Updated 14 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Related to https://projects.theforeman.org/issues/25595

I see the private key in a message labeled "kat" in our production.log

2019-08-02T03:54:08 [D|kat|8a867303] Body: {"created":"2019-07-26T13:55:11+0000","updated":"2019-07-30T09:38:17+0000","id":"8ae4e4986c1e1076016c2e9066e001d6","uuid":"1b43f579-57f8-43f9-ab47-11e2378f6e76","name":"******","username":"******","entitlementStatus":"valid","serviceLevel":"","role":null,"usage":null,"addOns":[],"systemPurposeStatus":"not specified","owner":{"id":"8ae4e4986b6ad604016c050b9fed018e","key":"******","displayName":"******","href":"/owners/I******"},"environment"

<snip>

"idCert":{"created":"2019-07-26T13:55:18+0000","updated":"2019-07-26T13:55:18+0000","id":"8ae4e4986c1e1076016c2e9084e601d8","key":"-----BEGIN RSA PRIVATE KEY-----********-----END RSA PRIVATE KEY-----\n","cert":"-----BEGIN CERTIFICATE-----*******-----END CERTIFICATE-----\n","serial":{"created":"2019-07-26T13:55:12+0000","updated":"2019-07-26T13:55:12+0000","id":2145538803981733145,"serial":2145538803981733145,"expiration":"2035-07-26T13:55:12+0000","collected":false,"revoked":false}}}

And also another one with "app"

2019-08-02T03:54:08 [D|app|8a867303] With body: {"created":"2019-07-26T13:55:11+0000","updated":"2019-07-30T09:38:17+0000","id":"8ae4e4986c1e1076016c2e9066e001d6","uuid":"1b43f579-57f8-43f9-ab47-11e2378f6e76","name":"****","username":"foreman_admin","entitlementStatus":"valid","serviceLevel":"","role":null,"usage":null,"addOns":[],"systemPurposeStatus":"not specified","owner":{"id":"8ae4e4986b6ad604016c050b9fed018e","key":"****","displayName":"****","href":"/owners/****"},"environment":

<snip>

"idCert":{"created":"2019-07-26T13:55:18+0000","updated":"2019-07-26T13:55:18+0000","id":"8ae4e4986c1e1076016c2e9084e601d8","key":"-----BEGIN RSA PRIVATE KEY-----********-----END RSA PRIVATE KEY-----\n","cert":"-----BEGIN CERTIFICATE-----*********-----END CERTIFICATE-----\n","serial":{"created":"2019-07-26T13:55:12+0000","updated":"2019-07-26T13:55:12+0000","id":2145538803981733145,"serial":2145538803981733145,"expiration":"2035-07-26T13:55:12+0000","collected":false,"revoked":false}}}

Associated revisions

Revision 458d7fb1 (diff)
Added by Jeremy Lenz 6 months ago

Fixes #27501 - Filter private keys in logs

Revision f6bf200e (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - also filter debug info

Revision ed15d82e (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - add Concern

Revision 014844e2 (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - filter cp proxies controller

Revision 1583a45d (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - use [\s\S] in regex so newlines still match

Revision 2cc7e2dd (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - avoid cp_proxy unfiltered log

Revision 8d9738db (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - filter registry_proxies_controller

Revision ffd42df9 (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - move skip_after_action back

Revision ffa48e0b (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - check if callback defined

Revision 2d85910b (diff)
Added by Jeremy Lenz 6 months ago

Refs #27501 - don't run skip_after_action twice
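
The revisions above describe the shape of the fix: strip PEM private-key blocks out of the bodies that reach the log, with a regex that still matches across newlines. The following is an added Ruby example, not Katello's own code from the pull request (the Concern and skip_after_action wiring mentioned in the revisions is not reproduced). It shows a redaction function for bodies (raw strings and parsed JSON), a comparison regex built with "." that illustrates why [\s\S] is needed, and a scanner an operator can run over an existing production.log to find lines that already leaked a key and which request id they belong to. All names here (PRIVATE_KEY_RE, filter_private_keys, find_leaked_keys, and so on) are this example's own, and the log lines and key body are constructed placeholders, not real data.

```ruby
require 'json'

# Added example, not Katello's code. Names below are this example's own.

# Matches any PEM private-key block ("RSA PRIVATE KEY", "EC PRIVATE KEY",
# "PRIVATE KEY", ...). [\s\S] is used instead of "." so the body matches
# whether it contains real newlines (a raw PEM) or JSON-escaped "\n"
# sequences (a serialized body): in Ruby "." does not cross a newline
# unless the /m flag is set. The non-greedy *? keeps two keys in one body
# from being merged into a single match.
PRIVATE_KEY_RE = /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/

# For comparison only: the same pattern with "." in place of [\s\S]. It
# works on a JSON-escaped body but leaves a multi-line PEM untouched.
NAIVE_KEY_RE = /-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----/

# Replace every private-key block in a string with a fixed marker.
def filter_private_keys(text)
  text.gsub(PRIVATE_KEY_RE, '[FILTERED]')
end

def naive_filter(text)
  text.gsub(NAIVE_KEY_RE, '[FILTERED]')
end

# Same for a parsed JSON body: walk the structure and redact only string
# values that carry a key block, so the rest stays available for debugging.
def filter_private_keys_in(obj)
  case obj
  when Hash   then obj.each_with_object({}) { |(k, v), h| h[k] = filter_private_keys_in(v) }
  when Array  then obj.map { |v| filter_private_keys_in(v) }
  when String then filter_private_keys(obj)
  else obj
  end
end

# Log-line prefix in the report: "2019-08-02T03:54:08 [D|kat|8a867303] Body: ..."
LOG_PREFIX_RE = /\A(?<ts>\S+) \[(?<level>[A-Z])\|(?<tag>[^|\]]+)\|(?<request_id>[0-9a-f]+)\]/

# Scan production.log text for lines that still carry an unfiltered private
# key. Returns one record per offending line, with the request id, so the
# operator knows which request (and therefore which cert) was exposed.
def find_leaked_keys(log_text)
  hits = []
  log_text.each_line.with_index(1) do |line, lineno|
    next unless line.match?(PRIVATE_KEY_RE)
    m = line.match(LOG_PREFIX_RE)
    types = line.scan(/-----BEGIN ([A-Z ]*PRIVATE KEY)-----/).flatten.uniq
    hits << { line: lineno, tag: m && m[:tag], request_id: m && m[:request_id], key_types: types }
  end
  hits
end

# Constructed sample body. The key body is a placeholder, not a real key.
SAMPLE_BODY = {
  'uuid' => '1b43f579-57f8-43f9-ab47-11e2378f6e76',
  'idCert' => {
    'key'  => "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...placeholder...\n-----END RSA PRIVATE KEY-----\n",
    'cert' => "-----BEGIN CERTIFICATE-----\nMIIC...placeholder...\n-----END CERTIFICATE-----\n"
  }
}.freeze

# Two constructed log lines: a "kat" line whose JSON body still carries the
# key (JSON-escaped "\n"), and an "app" line that was already filtered.
SAMPLE_LOG = [
  "2019-08-02T03:54:08 [D|kat|8a867303] Body: #{SAMPLE_BODY.to_json}",
  "2019-08-02T03:54:08 [D|app|8a867303] With body: #{filter_private_keys_in(SAMPLE_BODY).to_json}"
].join("\n")

if __FILE__ == $PROGRAM_NAME
  puts filter_private_keys_in(SAMPLE_BODY).to_json
  find_leaked_keys(SAMPLE_LOG).each do |hit|
    puts "line #{hit[:line]} [#{hit[:tag]}|#{hit[:request_id]}] #{hit[:key_types].join(', ')}"
  end
end
```

Redaction at the logging boundary is a mitigation, not a remedy: a key that has already been written to production.log (or forwarded by a log shipper, or kept in a backup) should be treated as exposed, so the scanner's output is the list of certificates to regenerate, not just lines to delete.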

History

#1 Updated by Jonathon Turel about 1 year ago

  • Triaged changed from No to Yes
  • Target version set to Katello 3.14.0

#2 Updated by Jonathon Turel 9 months ago

  • Target version changed from Katello 3.14.0 to Katello 3.16.0

#3 Updated by The Foreman Bot 6 months ago

  • Assignee set to Jeremy Lenz
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/8667 added

#4 Updated by The Foreman Bot 6 months ago

  • Fixed in Releases added

#5 Updated by Jeremy Lenz 6 months ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Jonathon Turel 14 days ago

  • Fixed in Releases Katello 3.17.0 added
  • Fixed in Releases deleted ()
  • Pull request deleted (https://github.com/Katello/katello/pull/8667)
