diff options
author | Nelson, Thomas (tn1381) <tn1381@att.com> | 2019-06-04 12:49:02 -0400 |
---|---|---|
committer | Nelson, Thomas (tn1381) <tn1381@att.com> | 2019-06-04 12:49:02 -0400 |
commit | cfafbab668d174714fefd86d70907a089f62395b (patch) | |
tree | 7f7bcb3ccccca051ca2a389bebcace5b9e783461 /jar/src | |
parent | 95ecf188d200cfe9140423986a5577c1871a2acf (diff) |
Fix vulnerability in code where password is
being exposed in logs.
Issue-ID: MUSIC-406
Signed-off-by: Nelson, Thomas (tn1381) <tn1381@att.com>
Change-Id: I5af16bf25a967ae27875b8c42cf746c3fa857a27
Diffstat (limited to 'jar/src')
-rwxr-xr-x | jar/src/main/java/org/onap/music/main/CachingUtil.java | 2 | ||||
-rwxr-xr-x | jar/src/main/java/org/onap/music/main/MusicUtil.java | 6 |
2 files changed, 3 insertions, 5 deletions
diff --git a/jar/src/main/java/org/onap/music/main/CachingUtil.java b/jar/src/main/java/org/onap/music/main/CachingUtil.java index f0dc06fc..4b293bbb 100755 --- a/jar/src/main/java/org/onap/music/main/CachingUtil.java +++ b/jar/src/main/java/org/onap/music/main/CachingUtil.java @@ -319,7 +319,7 @@ public class CachingUtil implements Runnable { Map<String, Object> resultMap = new HashMap<>(); if (ns == null || userId == null || password == null) { logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); - logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: "+userId+" :: password: "+password); + logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing."); resultMap.put("Exception", "One or more required headers appName(ns), userId, password is missing. Please check."); return resultMap; diff --git a/jar/src/main/java/org/onap/music/main/MusicUtil.java b/jar/src/main/java/org/onap/music/main/MusicUtil.java index c36da9d7..686b0d04 100755 --- a/jar/src/main/java/org/onap/music/main/MusicUtil.java +++ b/jar/src/main/java/org/onap/music/main/MusicUtil.java @@ -569,12 +569,10 @@ public class MusicUtil { } String cassPwd = prop.getProperty("cassandra.password"); String isEncrypted = prop.getProperty("cassandra.password.isencrypted"); - logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password:" + cassPwd); - logger.info(EELFLoggerDelegate.applicationLogger,"cassandra.password.isencrypted:" + isEncrypted); if("true".equals(isEncrypted)) { - logger.info(EELFLoggerDelegate.applicationLogger,"Decrypting...."); + logger.debug(EELFLoggerDelegate.applicationLogger,"Decrypting...."); cassPwd = CipherUtil.decryptPKC(cassPwd); - logger.info(EELFLoggerDelegate.applicationLogger,"Decrypted password: "+cassPwd); + logger.debug(EELFLoggerDelegate.applicationLogger,"Password Decrypted"); MusicUtil.setCassPwd(cassPwd); } else MusicUtil.setCassPwd(cassPwd); |