From 39351fb8d27c9cb9b4e094b5b495f335e544caa6 Mon Sep 17 00:00:00 2001 From: Navis Ryu Date: Tue, 9 Aug 2016 01:06:10 +0900 Subject: [PATCH] Mask properties from logging (#3332) * Mask properties from logging * mask "password" by default --- docs/content/configuration/index.md | 1 + .../io/druid/server/log/StartupLoggingConfig.java | 11 +++++++++++ .../src/main/java/io/druid/cli/GuiceRunnable.java | 12 +++++++++++- 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/docs/content/configuration/index.md b/docs/content/configuration/index.md index c53deb63af1..e0fa697ea3f 100644 --- a/docs/content/configuration/index.md +++ b/docs/content/configuration/index.md @@ -82,6 +82,7 @@ All nodes can log debugging information on startup. |Property|Description|Default| |--------|-----------|-------| |`druid.startup.logging.logProperties`|Log all properties on startup (from common.runtime.properties, runtime.properties, and the JVM command line).|false| +|`druid.startup.logging.maskProperties`|Masks sensitive properties (passwords, for example) containing theses words.|["password"]| Note that some sensitive information may be logged if these settings are enabled. diff --git a/server/src/main/java/io/druid/server/log/StartupLoggingConfig.java b/server/src/main/java/io/druid/server/log/StartupLoggingConfig.java index 77cb33b58ec..51776da266a 100644 --- a/server/src/main/java/io/druid/server/log/StartupLoggingConfig.java +++ b/server/src/main/java/io/druid/server/log/StartupLoggingConfig.java @@ -20,14 +20,25 @@ package io.druid.server.log; import com.fasterxml.jackson.annotation.JsonProperty; +import com.google.common.collect.ImmutableList; + +import java.util.List; public class StartupLoggingConfig { @JsonProperty private boolean logProperties = false; + @JsonProperty + private List maskProperties = ImmutableList.of("password"); + public boolean isLogProperties() { return logProperties; } + + public List getMaskProperties() + { + return maskProperties; + } } 
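Review bot: The new `maskProperties` field in StartupLoggingConfig.java is undocumented, and its override behaviour is easy to get wrong. If the config is bound through Jackson in the usual way, a configured list replaces the default instead of extending it, so setting the property to `["secret"]` would stop masking `password` keys. A Javadoc comment on the field would make this explicit, for example `/** Substrings of property names whose values are hidden in the startup log; a configured list replaces the default, so keep "password" in it. */`. An explicit null for this property would presumably reach `Sets.newHashSet(...)` in GuiceRunnable.java and throw at startup. The getter could guard against that with `return maskProperties == null ? ImmutableList.of("password") : maskProperties;`.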
diff --git a/services/src/main/java/io/druid/cli/GuiceRunnable.java b/services/src/main/java/io/druid/cli/GuiceRunnable.java index d75184dfe24..ae7ef446e69 100644 --- a/services/src/main/java/io/druid/cli/GuiceRunnable.java +++ b/services/src/main/java/io/druid/cli/GuiceRunnable.java @@ -21,6 +21,7 @@ package io.druid.cli; import com.google.common.base.Throwables; import com.google.common.collect.Ordering; +import com.google.common.collect.Sets; import com.google.inject.Inject; import com.google.inject.Injector; import com.google.inject.Module; @@ -32,6 +33,7 @@ import io.druid.server.log.StartupLoggingConfig; import java.util.List; import java.util.Properties; +import java.util.Set; /** */ @@ -80,10 +82,18 @@ public abstract class GuiceRunnable implements Runnable ); if (startupLoggingConfig.isLogProperties()) { + final Set maskProperties = Sets.newHashSet(startupLoggingConfig.getMaskProperties()); final Properties props = injector.getInstance(Properties.class); for (String propertyName : Ordering.natural().sortedCopy(props.stringPropertyNames())) { - log.info("* %s: %s", propertyName, props.getProperty(propertyName)); + String property = props.getProperty(propertyName); + for (String masked : maskProperties) { + if (propertyName.contains(masked)) { + property = ""; + break; + } + } + log.info("* %s: %s", propertyName, property); } }
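Review bot: The check `propertyName.contains(masked)` in the last hunk of GuiceRunnable.java is a case-sensitive substring test on the property name only. A key spelled `...Password` or `PASSWORD`, or a secret stored under a name that contains none of the configured words, is still logged in clear text. Comparing lower-cased forms closes the case gap: `if (propertyName.toLowerCase(Locale.ROOT).contains(masked.toLowerCase(Locale.ROOT))) {` (needs `import java.util.Locale;`). Name matching does not cover values that embed credentials, such as a connection URI carrying a password, so a comment above the loop should say that `logProperties` output is still not safe to share. The enclosing method begins and ends outside the hunk.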