authorNelson, Thomas (tn1381) <tn1381@att.com>2019-06-04 12:49:02 -0400
committerNelson, Thomas (tn1381) <tn1381@att.com>2019-06-04 12:49:02 -0400
commitcfafbab668d174714fefd86d70907a089f62395b (patch)
tree7f7bcb3ccccca051ca2a389bebcace5b9e783461
parent95ecf188d200cfe9140423986a5577c1871a2acf (diff)
Fix vulnerability in code where password is
being exposed in logs. Issue-ID: MUSIC-406 Signed-off-by: Nelson, Thomas (tn1381) <tn1381@att.com> Change-Id: I5af16bf25a967ae27875b8c42cf746c3fa857a27
-rwxr-xr-xjar/pom.xml3
-rwxr-xr-xjar/src/main/java/org/onap/music/main/CachingUtil.java2
-rwxr-xr-xjar/src/main/java/org/onap/music/main/MusicUtil.java6
-rw-r--r--jar/version.properties2
4 files changed, 6 insertions, 7 deletions
diff --git a/jar/pom.xml b/jar/pom.xml
index 03b1ef3a..c4e4294f 100755
--- a/jar/pom.xml
+++ b/jar/pom.xml
@@ -25,7 +25,7 @@
<groupId>org.onap.music</groupId>
<artifactId>MUSIC</artifactId>
<packaging>jar</packaging>
- <version>2.5.8</version>
+ <version>2.5.9</version>
<description>
This is the MUSIC REST interface, packaged as a war file.
</description>
@@ -44,6 +44,7 @@
<jaxrs.version>2.0.1</jaxrs.version>
<cassandra.version>3.4.0</cassandra.version>
<zookeeper.version>3.4.11</zookeeper.version>
+ <onap.nexus.url>https://nexus.onap.org</onap.nexus.url>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
diff --git a/jar/src/main/java/org/onap/music/main/CachingUtil.java b/jar/src/main/java/org/onap/music/main/CachingUtil.java
index f0dc06fc..4b293bbb 100755
--- a/jar/src/main/java/org/onap/music/main/CachingUtil.java
+++ b/jar/src/main/java/org/onap/music/main/CachingUtil.java
@@ -319,7 +319,7 @@ public class CachingUtil implements Runnable {
Map<String, Object> resultMap = new HashMap<>();
if (ns == null || userId == null || password == null) {
logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
- logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: "+userId+" :: password: "+password);
+ logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing.");
resultMap.put("Exception",
"One or more required headers appName(ns), userId, password is missing. Please check.");
return resultMap;
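Review bot: The replacement message on the added `logger.error` line no longer says which of `ns`, `userId` or `password` was null, so it appears to add nothing beyond the `AppMessages.MISSINGINFO` entry logged just above it. Presence flags would restore that detail without putting any secret in the log: `logger.error(EELFLoggerDelegate.errorLogger, "Required header missing. ns present: " + (ns != null) + ", userId present: " + (userId != null) + ", password present: " + (password != null));`. Logging flags instead of the `userId` value also keeps a caller-supplied header from being written to the log unescaped. The enclosing method starts and ends outside the hunk.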
diff --git a/jar/src/main/java/org/onap/music/main/MusicUtil.java b/jar/src/main/java/org/onap/music/main/MusicUtil.java
index c36da9d7..686b0d04 100755
--- a/jar/src/main/java/org/onap/music/main/MusicUtil.java
+++ b/jar/src/main/java/org/onap/music/main/MusicUtil.java
@@ -569,12 +569,10 @@ public class MusicUtil {
}
String cassPwd = prop.getProperty("cassandra.password");
String isEncrypted = prop.getProperty("cassandra.password.isencrypted");
- logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password:" + cassPwd);
- logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password.isencrypted:" + isEncrypted);
if("true".equals(isEncrypted)) {
- logger.info(EELFLoggerDelegate.applicationLogger,"Decrypting....");
+ logger.debug(EELFLoggerDelegate.applicationLogger,"Decrypting....");
cassPwd = CipherUtil.decryptPKC(cassPwd);
- logger.info(EELFLoggerDelegate.applicationLogger,"Decrypted password: "+cassPwd);
+ logger.debug(EELFLoggerDelegate.applicationLogger,"Password Decrypted");
MusicUtil.setCassPwd(cassPwd);
} else
MusicUtil.setCassPwd(cassPwd);
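Review bot: The `Password Decrypted` debug line after `CipherUtil.decryptPKC(cassPwd)` is emitted whether or not decryption produced a usable value, and nothing visible here guards against `cassandra.password` being absent while `cassandra.password.isencrypted` is `true`. If `decryptPKC` can return null or an empty string on failure (its behaviour is not visible in this hunk), a check such as `if (cassPwd == null || cassPwd.isEmpty()) logger.error(EELFLoggerDelegate.errorLogger, "cassandra.password could not be decrypted");` would surface the misconfiguration without logging the secret. Both branches end in `MusicUtil.setCassPwd(cassPwd);`, so that call can move below the `if` and the braceless `else` can be dropped. Because the removed info-level lines wrote the plaintext password to the application log, existing log files and the Cassandra credential itself should be treated as exposed. The enclosing method starts and ends outside the hunk.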
diff --git a/jar/version.properties b/jar/version.properties
index 2ffa6347..fbd855ff 100644
--- a/jar/version.properties
+++ b/jar/version.properties
@@ -4,7 +4,7 @@
major=2
minor=5
-patch=6
+patch=9
base_version=${major}.${minor}.${patch}