diff options
author | Nelson, Thomas (tn1381) <tn1381@att.com> | 2019-06-04 12:49:02 -0400 |
---|---|---|
committer | Nelson, Thomas (tn1381) <tn1381@att.com> | 2019-06-04 12:49:02 -0400 |
commit | cfafbab668d174714fefd86d70907a089f62395b (patch) | |
tree | 7f7bcb3ccccca051ca2a389bebcace5b9e783461 | |
parent | 95ecf188d200cfe9140423986a5577c1871a2acf (diff) |
Fix vulnerability in code where password is
being exposed in logs.
Issue-ID: MUSIC-406
Signed-off-by: Nelson, Thomas (tn1381) <tn1381@att.com>
Change-Id: I5af16bf25a967ae27875b8c42cf746c3fa857a27
-rwxr-xr-x | jar/pom.xml | 3 | ||||
-rwxr-xr-x | jar/src/main/java/org/onap/music/main/CachingUtil.java | 2 | ||||
-rwxr-xr-x | jar/src/main/java/org/onap/music/main/MusicUtil.java | 6 | ||||
-rw-r--r-- | jar/version.properties | 2 |
4 files changed, 6 insertions, 7 deletions
diff --git a/jar/pom.xml b/jar/pom.xml index 03b1ef3a..c4e4294f 100755 --- a/jar/pom.xml +++ b/jar/pom.xml @@ -25,7 +25,7 @@ <groupId>org.onap.music</groupId> <artifactId>MUSIC</artifactId> <packaging>jar</packaging> - <version>2.5.8</version> + <version>2.5.9</version> <description> This is the MUSIC REST interface, packaged as a war file. </description> @@ -44,6 +44,7 @@ <jaxrs.version>2.0.1</jaxrs.version> <cassandra.version>3.4.0</cassandra.version> <zookeeper.version>3.4.11</zookeeper.version> + <onap.nexus.url>https://nexus.onap.org</onap.nexus.url> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> diff --git a/jar/src/main/java/org/onap/music/main/CachingUtil.java b/jar/src/main/java/org/onap/music/main/CachingUtil.java index f0dc06fc..4b293bbb 100755 --- a/jar/src/main/java/org/onap/music/main/CachingUtil.java +++ b/jar/src/main/java/org/onap/music/main/CachingUtil.java @@ -319,7 +319,7 @@ public class CachingUtil implements Runnable { Map<String, Object> resultMap = new HashMap<>(); if (ns == null || userId == null || password == null) { logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); - logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: "+userId+" :: password: "+password); + logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing."); resultMap.put("Exception", "One or more required headers appName(ns), userId, password is missing. Please check."); return resultMap; diff --git a/jar/src/main/java/org/onap/music/main/MusicUtil.java b/jar/src/main/java/org/onap/music/main/MusicUtil.java index c36da9d7..686b0d04 100755 --- a/jar/src/main/java/org/onap/music/main/MusicUtil.java +++ b/jar/src/main/java/org/onap/music/main/MusicUtil.java @@ -569,12 +569,10 @@ public class MusicUtil { } String cassPwd = prop.getProperty("cassandra.password"); String isEncrypted = prop.getProperty("cassandra.password.isencrypted"); - logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password:" + cassPwd); - logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password.isencrypted:" + isEncrypted); if("true".equals(isEncrypted)) { - logger.info(EELFLoggerDelegate.applicationLogger,"Decrypting...."); + logger.debug(EELFLoggerDelegate.applicationLogger,"Decrypting...."); cassPwd = CipherUtil.decryptPKC(cassPwd); - logger.info(EELFLoggerDelegate.applicationLogger,"Decrypted password: "+cassPwd); + logger.debug(EELFLoggerDelegate.applicationLogger,"Password Decrypted"); MusicUtil.setCassPwd(cassPwd); } else MusicUtil.setCassPwd(cassPwd); diff --git a/jar/version.properties b/jar/version.properties index 2ffa6347..fbd855ff 100644 --- a/jar/version.properties +++ b/jar/version.properties @@ -4,7 +4,7 @@ major=2 minor=5 -patch=6 +patch=9 base_version=${major}.${minor}.${patch} |