github
/
DolphinScheduler
mirror of https://gitee.com/dolphinscheduler/DolphinScheduler.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[bug fix] Some password attributes can be viewd directly in the log (#5638) 

* fix the password display incorrectly

* update

* update

* fic code style

fic code style

* Update SensitiveDataConverterTest.java

* Update SensitiveDataConverter.java

* Update SensitiveDataConverter.java

* Update SensitiveDataConverterTest.java

* Update pom.xml
2.0.7-release
kyoty 3 years ago committed by GitHub
parent
b21e821845
commit
75813e7866
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 182 additions and 225 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      docker/build/conf/dolphinscheduler/logback/logback-alert.xml
  2. 7
      docker/build/conf/dolphinscheduler/logback/logback-api.xml
  3. 11
      docker/build/conf/dolphinscheduler/logback/logback-master.xml
  4. 11
      docker/build/conf/dolphinscheduler/logback/logback-worker.xml
  5. 7
      dolphinscheduler-alert/src/main/resources/logback-alert.xml
  6. 7
      dolphinscheduler-api/src/main/resources/logback-api.xml
  7. 2
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java
  8. 13
      dolphinscheduler-server/src/main/resources/logback-master.xml
  9. 11
      dolphinscheduler-server/src/main/resources/logback-worker.xml
  10. 179
      dolphinscheduler-server/src/test/java/org/apache/dolphinscheduler/server/log/SensitiveDataConverterTest.java
  11. 13
      dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/log/SensitiveDataConverter.java
  12. 137
      dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/SensitiveDataConverterTest.java
  13. 2
      pom.xml

7
docker/build/conf/dolphinscheduler/logback/logback-alert.xml
Unescape View File

@ -18,12 +18,13 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -38,7 +39,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

7
docker/build/conf/dolphinscheduler/logback/logback-api.xml
Unescape View File

@ -18,12 +18,13 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -42,7 +43,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

11
docker/build/conf/dolphinscheduler/logback/logback-master.xml
Unescape View File

@ -18,19 +18,18 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
</appender> </appender>
<conversionRule conversionWord="messsage"
converterClass="org.apache.dolphinscheduler.server.log.SensitiveDataConverter"/>
<appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender"> <appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender">
<!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level> <level>INFO</level>
@ -45,7 +44,7 @@
<file>${log.base}/${taskAppId}.log</file> <file>${log.base}/${taskAppId}.log</file>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %messsage%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -66,7 +65,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

11
docker/build/conf/dolphinscheduler/logback/logback-worker.xml
Unescape View File

@ -18,20 +18,19 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
</appender> </appender>
<!-- worker server logback config start --> <!-- worker server logback config start -->
<conversionRule conversionWord="messsage"
converterClass="org.apache.dolphinscheduler.server.log.SensitiveDataConverter"/>
<appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender"> <appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender">
<!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level> <level>INFO</level>
@ -46,7 +45,7 @@
<file>${log.base}/${taskAppId}.log</file> <file>${log.base}/${taskAppId}.log</file>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %messsage%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -66,7 +65,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %messsage%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

7
dolphinscheduler-alert/src/main/resources/logback-alert.xml
Unescape View File

@ -18,12 +18,13 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -38,7 +39,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

7
dolphinscheduler-api/src/main/resources/logback-api.xml
Unescape View File

@ -18,12 +18,13 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -42,7 +43,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

2
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/Constants.java
Unescape View File

@ -999,7 +999,7 @@ public final class Constants {
/** /**
* dataSource sensitive param * dataSource sensitive param
*/ */
public static final String DATASOURCE_PASSWORD_REGEX = "(?<=(\"password\":\")).*?(?=(\"))"; public static final String DATASOURCE_PASSWORD_REGEX = "(?<=((?i)password((\\\\\":\\\\\")|(=')))).*?(?=((\\\\\")|(')))";
/** /**
* default worker group * default worker group

13
dolphinscheduler-server/src/main/resources/logback-master.xml
Unescape View File

@ -18,19 +18,20 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
</appender> </appender>
<conversionRule conversionWord="messsage"
converterClass="org.apache.dolphinscheduler.server.log.SensitiveDataConverter"/>
<appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender"> <appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender">
<!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level> <level>INFO</level>
@ -45,7 +46,7 @@
<file>${log.base}/${taskAppId}.log</file> <file>${log.base}/${taskAppId}.log</file>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %messsage%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -66,7 +67,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

11
dolphinscheduler-server/src/main/resources/logback-worker.xml
Unescape View File

@ -18,20 +18,19 @@
<!-- Logback configuration. See http://logback.qos.ch/manual/index.html --> <!-- Logback configuration. See http://logback.qos.ch/manual/index.html -->
<configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" --> <configuration scan="true" scanPeriod="120 seconds"> <!--debug="true" -->
<conversionRule conversionWord="message" converterClass="org.apache.dolphinscheduler.service.log.SensitiveDataConverter">
</conversionRule>
<property name="log.base" value="logs"/> <property name="log.base" value="logs"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %msg%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
</appender> </appender>
<!-- worker server logback config start --> <!-- worker server logback config start -->
<conversionRule conversionWord="messsage"
converterClass="org.apache.dolphinscheduler.server.log.SensitiveDataConverter"/>
<appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender"> <appender name="TASKLOGFILE" class="ch.qos.logback.classic.sift.SiftingAppender">
<!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <!-- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level> <level>INFO</level>
@ -46,7 +45,7 @@
<file>${log.base}/${taskAppId}.log</file> <file>${log.base}/${taskAppId}.log</file>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %messsage%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>
@ -66,7 +65,7 @@
</rollingPolicy> </rollingPolicy>
<encoder> <encoder>
<pattern> <pattern>
[%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %messsage%n [%level] %date{yyyy-MM-dd HH:mm:ss.SSS} %logger{96}:[%line] - %message%n
</pattern> </pattern>
<charset>UTF-8</charset> <charset>UTF-8</charset>
</encoder> </encoder>

179
dolphinscheduler-server/src/test/java/org/apache/dolphinscheduler/server/log/SensitiveDataConverterTest.java
Unescape View File

@ -1,179 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.dolphinscheduler.server.log;
import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.classic.spi.IThrowableProxy;
import ch.qos.logback.classic.spi.LoggerContextVO;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.utils.SensitiveLogUtils;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class SensitiveDataConverterTest {
private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class);
/**
* password pattern
*/
private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX);
private final String logMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," +
"\"database\":\"carbond\"," +
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," +
"\"user\":\"view\"," +
"\"password\":\"view1\"}";
private final String maskLogMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," +
"\"database\":\"carbond\"," +
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," +
"\"user\":\"view\"," +
"\"password\":\"******\"}";
@Test
public void convert() {
SensitiveDataConverter sensitiveDataConverter = new SensitiveDataConverter();
String result = sensitiveDataConverter.convert(new ILoggingEvent() {
@Override
public String getThreadName() {
return null;
}
@Override
public Level getLevel() {
return Level.INFO;
}
@Override
public String getMessage() {
return null;
}
@Override
public Object[] getArgumentArray() {
return new Object[0];
}
@Override
public String getFormattedMessage() {
return logMsg;
}
@Override
public String getLoggerName() {
return null;
}
@Override
public LoggerContextVO getLoggerContextVO() {
return null;
}
@Override
public IThrowableProxy getThrowableProxy() {
return null;
}
@Override
public StackTraceElement[] getCallerData() {
return new StackTraceElement[0];
}
@Override
public boolean hasCallerData() {
return false;
}
@Override
public Marker getMarker() {
return null;
}
@Override
public Map<String, String> getMDCPropertyMap() {
return null;
}
@Override
public Map<String, String> getMdc() {
return null;
}
@Override
public long getTimeStamp() {
return 0;
}
@Override
public void prepareForDeferredProcessing() {
}
});
Assert.assertEquals(maskLogMsg, passwordHandler(pwdPattern, logMsg));
}
/**
* mask sensitive logMsg - sql task datasource password
*/
@Test
public void testPwdLogMsgConverter() {
logger.info("parameter : {}", logMsg);
logger.info("parameter : {}", passwordHandler(pwdPattern, logMsg));
Assert.assertNotEquals(logMsg, passwordHandler(pwdPattern, logMsg));
Assert.assertEquals(maskLogMsg, passwordHandler(pwdPattern, logMsg));
}
/**
* password regex test
*
* @param logMsg original log
*/
private static String passwordHandler(Pattern pattern, String logMsg) {
Matcher matcher = pattern.matcher(logMsg);
StringBuffer sb = new StringBuffer(logMsg.length());
while (matcher.find()) {
String password = matcher.group();
String maskPassword = SensitiveLogUtils.maskDataSourcePwd(password);
matcher.appendReplacement(sb, maskPassword);
}
matcher.appendTail(sb);
return sb.toString();
}
}

13
dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/log/SensitiveDataConverter.java → dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/log/SensitiveDataConverter.java
Unescape View File

@ -14,11 +14,9 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.apache.dolphinscheduler.server.log;
package org.apache.dolphinscheduler.service.log;
import ch.qos.logback.classic.pattern.MessageConverter;
import ch.qos.logback.classic.spi.ILoggingEvent;
import org.apache.dolphinscheduler.common.Constants; import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.utils.SensitiveLogUtils; import org.apache.dolphinscheduler.common.utils.SensitiveLogUtils;
import org.apache.dolphinscheduler.common.utils.StringUtils; import org.apache.dolphinscheduler.common.utils.StringUtils;
@ -26,17 +24,18 @@ import org.apache.dolphinscheduler.common.utils.StringUtils;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import ch.qos.logback.classic.pattern.ClassicConverter;
import ch.qos.logback.classic.spi.ILoggingEvent;
/** /**
* sensitive data log converter * sensitive data log converter
*/ */
public class SensitiveDataConverter extends MessageConverter { public class SensitiveDataConverter extends ClassicConverter {
/** /**
* password pattern * password pattern
*/ */
private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX); private final Pattern pwdPattern = Pattern.compile(Constants.DATASOURCE_PASSWORD_REGEX);
@Override @Override
public String convert(ILoggingEvent event) { public String convert(ILoggingEvent event) {
@ -68,7 +67,6 @@ public class SensitiveDataConverter extends MessageConverter {
* @param logMsg original log * @param logMsg original log
*/ */
private String passwordHandler(Pattern pwdPattern, String logMsg) { private String passwordHandler(Pattern pwdPattern, String logMsg) {
Matcher matcher = pwdPattern.matcher(logMsg); Matcher matcher = pwdPattern.matcher(logMsg);
StringBuffer sb = new StringBuffer(logMsg.length()); StringBuffer sb = new StringBuffer(logMsg.length());
@ -86,5 +84,4 @@ public class SensitiveDataConverter extends MessageConverter {
return sb.toString(); return sb.toString();
} }
} }

137
dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/SensitiveDataConverterTest.java
Unescape View File

@ -0,0 +1,137 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.dolphinscheduler.service.log;
import java.util.Map;
import java.util.function.Function;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Marker;
import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.classic.spi.IThrowableProxy;
import ch.qos.logback.classic.spi.LoggerContextVO;
public class SensitiveDataConverterTest {
// Use the Function interface to make it easier to create an ILoggingEvent instance.
private static final Function<String, ILoggingEvent> LOGGING_EVENT_CREATOR = (logDetail) -> (new ILoggingEvent() {
@Override
public String getThreadName() {
return null;
}
@Override
public Level getLevel() {
return Level.INFO;
}
@Override
public String getMessage() {
return null;
}
@Override
public Object[] getArgumentArray() {
return new Object[0];
}
@Override
public String getFormattedMessage() {
return logDetail;
}
@Override
public String getLoggerName() {
return null;
}
@Override
public LoggerContextVO getLoggerContextVO() {
return null;
}
@Override
public IThrowableProxy getThrowableProxy() {
return null;
}
@Override
public StackTraceElement[] getCallerData() {
return new StackTraceElement[0];
}
@Override
public boolean hasCallerData() {
return false;
}
@Override
public Marker getMarker() {
return null;
}
@Override
public Map<String, String> getMDCPropertyMap() {
return null;
}
@Override
public Map<String, String> getMdc() {
return null;
}
@Override
public long getTimeStamp() {
return 0;
}
@Override
public void prepareForDeferredProcessing() {
}
});
@Test
public void convert() {
String[] initialLogs = new String[]{
"{\\\"user\\\":\\\"root\\\",\\\"password\\\":\\\"123456\\\","
+ "\\\"address\\\":\\\"jdbc:mysql://localhost:3306\\\","
+ "\\\"database\\\":\\\"dolphinscheduler\\\","
+ "\\\"jdbcUrl\\\":\\\"jdbc:mysql://localhost/dolphinscheduler\\\"}",
"LOGIN_USER:admin, URI:/dolphinscheduler/users/verify-user-name, METHOD:GET, "
+ "ARGS:[User{id=1, userName='admin', userPassword='Qazwsx.741', euserType=ADMIN_USER]}"
};
String[] encryptedLogs = new String[]{
"{\\\"user\\\":\\\"root\\\",\\\"password\\\":\\\"******\\\","
+ "\\\"address\\\":\\\"jdbc:mysql://localhost:3306\\\","
+ "\\\"database\\\":\\\"dolphinscheduler\\\","
+ "\\\"jdbcUrl\\\":\\\"jdbc:mysql://localhost/dolphinscheduler\\\"}",
"LOGIN_USER:admin, URI:/dolphinscheduler/users/verify-user-name, METHOD:GET, "
+ "ARGS:[User{id=1, userName='admin', userPassword='******', euserType=ADMIN_USER]}"
};
SensitiveDataConverter sensitiveDataConverter = new SensitiveDataConverter();
for (int i = 0; i < initialLogs.length; i++) {
Assert.assertEquals(encryptedLogs[i], sensitiveDataConverter.convert(LOGGING_EVENT_CREATOR.apply(initialLogs[i])));
}
}
}

2
pom.xml
Unescape View File

@ -961,7 +961,6 @@
<include>**/server/log/LoggerServerTest.java</include> <include>**/server/log/LoggerServerTest.java</include>
<include>**/server/entity/SQLTaskExecutionContextTest.java</include> <include>**/server/entity/SQLTaskExecutionContextTest.java</include>
<include>**/server/log/MasterLogFilterTest.java</include> <include>**/server/log/MasterLogFilterTest.java</include>
<include>**/server/log/SensitiveDataConverterTest.java</include>
<include>**/server/log/LoggerRequestProcessorTest.java</include> <include>**/server/log/LoggerRequestProcessorTest.java</include>
<!--<include>**/server/log/TaskLogDiscriminatorTest.java</include>--> <!--<include>**/server/log/TaskLogDiscriminatorTest.java</include>-->
<include>**/server/log/TaskLogFilterTest.java</include> <include>**/server/log/TaskLogFilterTest.java</include>
@ -1023,6 +1022,7 @@
<include>**/service/queue/TaskUpdateQueueTest.java</include> <include>**/service/queue/TaskUpdateQueueTest.java</include>
<include>**/service/queue/PeerTaskInstancePriorityQueueTest.java</include> <include>**/service/queue/PeerTaskInstancePriorityQueueTest.java</include>
<include>**/service/log/LogClientServiceTest.java</include> <include>**/service/log/LogClientServiceTest.java</include>
<include>**/service/log/SensitiveDataConverterTest.java</include>
<include>**/service/alert/AlertClientServiceTest.java</include> <include>**/service/alert/AlertClientServiceTest.java</include>
<include>**/service/alert/ProcessAlertManagerTest.java</include> <include>**/service/alert/ProcessAlertManagerTest.java</include>
<include>**/dao/mapper/DataSourceUserMapperTest.java</include> <include>**/dao/mapper/DataSourceUserMapperTest.java</include>

Write Preview
Loading…
Cancel
Save