[CORDA-1458]: Prevent passwords from being logged as part of node's configuration. (#3223)

This commit is contained in:
Michele Sollecito
2018-05-23 13:51:40 +01:00
committed by GitHub
parent c3de65a545
commit 1137a0cc8f
4 changed files with 24 additions and 14 deletions


@ -7,6 +7,8 @@ release, see :doc:`upgrade-notes`.
Unreleased Unreleased
========== ==========
* ``NodeStartup`` will now only print node's configuration if ``devMode`` is ``true``, avoiding the risk of printing passwords in a production setup.
* SLF4J's MDC will now only be printed to the console if not empty. No more log lines ending with "{}". * SLF4J's MDC will now only be printed to the console if not empty. No more log lines ending with "{}".
* ``WireTransaction.Companion.createComponentGroups`` has been marked as ``@CordaInternal``. It was never intended to be * ``WireTransaction.Companion.createComponentGroups`` has been marked as ``@CordaInternal``. It was never intended to be


@ -1,11 +1,13 @@
package net.corda.node package net.corda.node
import com.typesafe.config.Config
import com.typesafe.config.ConfigFactory import com.typesafe.config.ConfigFactory
import joptsimple.OptionSet import joptsimple.OptionSet
import joptsimple.util.EnumConverter import joptsimple.util.EnumConverter
import joptsimple.util.PathConverter import joptsimple.util.PathConverter
import net.corda.core.internal.div import net.corda.core.internal.div
import net.corda.core.internal.exists import net.corda.core.internal.exists
import net.corda.core.utilities.Try
import net.corda.node.services.config.ConfigHelper import net.corda.node.services.config.ConfigHelper
import net.corda.node.services.config.NodeConfiguration import net.corda.node.services.config.NodeConfiguration
import net.corda.node.services.config.parseAsNodeConfiguration import net.corda.node.services.config.parseAsNodeConfiguration
@ -110,19 +112,22 @@ data class CmdLineOptions(val baseDirectory: Path,
val bootstrapRaftCluster: Boolean, val bootstrapRaftCluster: Boolean,
val unknownConfigKeysPolicy: UnknownConfigKeysPolicy, val unknownConfigKeysPolicy: UnknownConfigKeysPolicy,
val devMode: Boolean) { val devMode: Boolean) {
fun loadConfig(): NodeConfiguration { fun loadConfig(): Pair<Config, Try<NodeConfiguration>> {
val config = ConfigHelper.loadConfig( val rawConfig = ConfigHelper.loadConfig(
baseDirectory, baseDirectory,
configFile, configFile,
configOverrides = ConfigFactory.parseMap(mapOf("noLocalShell" to this.noLocalShell) + configOverrides = ConfigFactory.parseMap(mapOf("noLocalShell" to this.noLocalShell) +
if (devMode) mapOf("devMode" to this.devMode) else emptyMap<String, Any>()) if (devMode) mapOf("devMode" to this.devMode) else emptyMap<String, Any>())
).parseAsNodeConfiguration(unknownConfigKeysPolicy::handle) )
if (nodeRegistrationOption != null) { return rawConfig to Try.on {
require(!config.devMode) { "registration cannot occur in devMode" } rawConfig.parseAsNodeConfiguration(unknownConfigKeysPolicy::handle).also {
requireNotNull(config.compatibilityZoneURL) { if (nodeRegistrationOption != null) {
"compatibilityZoneURL must be present in node configuration file in registration mode." require(!it.devMode) { "registration cannot occur in devMode" }
requireNotNull(it.compatibilityZoneURL) {
"compatibilityZoneURL must be present in node configuration file in registration mode."
}
}
} }
} }
return config
} }
} }
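Review bot: The first element of the pair returned by `loadConfig` is the raw, unredacted `Config` — the same object that ConfigHelper previously rendered into the log — but the function has no KDoc saying so, and a future caller can easily `render()` it outside devMode. Add a KDoc on `loadConfig`: `/** Loads the node config. Returns the raw, unredacted Config (may hold passwords; render it only in devMode) paired with the parsed — and, in registration mode, validated — configuration as a Try. */`. With the `require`/`requireNotNull` checks now inside `Try.on`, a failing check surfaces as a failed `Try` rather than an exception thrown from `loadConfig` itself; that is presumably intended since the caller unwraps with `getOrThrow()`, but the KDoc should state it. As a point of style, the `also { if (...) { require(...); requireNotNull(...) } }` nesting at the end of the hunk would read better as a private `validateForRegistration(config)` helper that the lambda simply calls.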


@ -1,6 +1,8 @@
package net.corda.node.internal package net.corda.node.internal
import com.jcabi.manifests.Manifests import com.jcabi.manifests.Manifests
import com.typesafe.config.Config
import com.typesafe.config.ConfigRenderOptions
import io.netty.channel.unix.Errors import io.netty.channel.unix.Errors
import net.corda.core.crypto.Crypto import net.corda.core.crypto.Crypto
import net.corda.core.internal.Emoji import net.corda.core.internal.Emoji
@ -8,6 +10,7 @@ import net.corda.core.internal.concurrent.thenMatch
import net.corda.core.internal.createDirectories import net.corda.core.internal.createDirectories
import net.corda.core.internal.div import net.corda.core.internal.div
import net.corda.core.internal.randomOrNull import net.corda.core.internal.randomOrNull
import net.corda.core.utilities.Try
import net.corda.core.utilities.loggerFor import net.corda.core.utilities.loggerFor
import net.corda.node.CmdLineOptions import net.corda.node.CmdLineOptions
import net.corda.node.NodeArgsParser import net.corda.node.NodeArgsParser
@ -79,7 +82,11 @@ open class NodeStartup(val args: Array<String>) {
drawBanner(versionInfo) drawBanner(versionInfo)
Node.printBasicNodeInfo(LOGS_CAN_BE_FOUND_IN_STRING, System.getProperty("log-path")) Node.printBasicNodeInfo(LOGS_CAN_BE_FOUND_IN_STRING, System.getProperty("log-path"))
val conf = try { val conf = try {
val conf0 = loadConfigFile(cmdlineOptions) val (rawConfig, conf0Result) = loadConfigFile(cmdlineOptions)
if (cmdlineOptions.devMode) {
println("Config:\n${rawConfig.root().render(ConfigRenderOptions.defaults())}")
}
val conf0 = conf0Result.getOrThrow()
if (cmdlineOptions.bootstrapRaftCluster) { if (cmdlineOptions.bootstrapRaftCluster) {
if (conf0 is NodeConfigurationImpl) { if (conf0 is NodeConfigurationImpl) {
println("Bootstrapping raft cluster (starting up as seed node).") println("Bootstrapping raft cluster (starting up as seed node).")
@ -211,7 +218,7 @@ open class NodeStartup(val args: Array<String>) {
NodeRegistrationHelper(conf, HTTPNetworkRegistrationService(compatibilityZoneURL), nodeRegistrationConfig).buildKeystore() NodeRegistrationHelper(conf, HTTPNetworkRegistrationService(compatibilityZoneURL), nodeRegistrationConfig).buildKeystore()
} }
protected open fun loadConfigFile(cmdlineOptions: CmdLineOptions): NodeConfiguration = cmdlineOptions.loadConfig() protected open fun loadConfigFile(cmdlineOptions: CmdLineOptions): Pair<Config, Try<NodeConfiguration>> = cmdlineOptions.loadConfig()
protected open fun banJavaSerialisation(conf: NodeConfiguration) { protected open fun banJavaSerialisation(conf: NodeConfiguration) {
SerialFilter.install(if (conf.notary?.bftSMaRt != null) ::bftSMaRtSerialFilter else ::defaultSerialFilter) SerialFilter.install(if (conf.notary?.bftSMaRt != null) ::bftSMaRtSerialFilter else ::defaultSerialFilter)
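Review bot: The `println` of the rendered raw config inside `if (cmdlineOptions.devMode)` has no comment explaining why it precedes `conf0Result.getOrThrow()` and why it is gated on the command-line flag rather than the parsed configuration's `devMode`; that reasoning is exactly what the next maintainer needs in order not to "fix" it. Suggest `// devMode only: the raw config is unredacted and may contain passwords. Printed before parsing so a failed parse still shows what was loaded.` directly above the `println`. Note also that this output goes to stdout via `println`, whereas the removed line in ConfigHelper used `log.info`, so the rendered config no longer reaches the log file even in devMode — fine if intended, but worth a word in the changelog entry. The enclosing `try` block in `run` starts and ends outside the hunk.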


@ -3,7 +3,6 @@ package net.corda.node.services.config
import com.typesafe.config.Config import com.typesafe.config.Config
import com.typesafe.config.ConfigFactory import com.typesafe.config.ConfigFactory
import com.typesafe.config.ConfigParseOptions import com.typesafe.config.ConfigParseOptions
import com.typesafe.config.ConfigRenderOptions
import net.corda.core.identity.CordaX500Name import net.corda.core.identity.CordaX500Name
import net.corda.core.internal.createDirectories import net.corda.core.internal.createDirectories
import net.corda.core.internal.div import net.corda.core.internal.div
@ -50,9 +49,6 @@ object ConfigHelper {
.withFallback(defaultConfig) .withFallback(defaultConfig)
.resolve() .resolve()
log.info("Config:\n${finalConfig.root().render(ConfigRenderOptions.defaults())}")
val entrySet = finalConfig.entrySet().filter { entry -> entry.key.contains("\"") } val entrySet = finalConfig.entrySet().filter { entry -> entry.key.contains("\"") }
for ((key) in entrySet) { for ((key) in entrySet) {
log.error("Config files should not contain \" in property names. Please fix: $key") log.error("Config files should not contain \" in property names. Please fix: $key")