Uploaded image for project: 'WildFly WIP'
  1. WildFly WIP
  2. WFWIP-158

Artemis 2.7.0 logs password for STOMP protocol in clear text in debug logs

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: Artemis
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      Steps to reproduce:

      git clone git@gitlab.mw.lab.eng.bos.redhat.com:jbossqe-eap/messaging-testsuite.git
      cd messaging-testsuite/scripts/
      
      groovy -DEAP_ZIP_URL=https://eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/eap-7.x-messaging-testing-prepare/703/artifact/jboss-eap.zip PrepareServers7.groovy
      export WORKSPACE=$PWD
      export JBOSS_HOME_1=$WORKSPACE/server1/jboss-eap
      export JBOSS_HOME_2=$WORKSPACE/server2/jboss-eap
      export JBOSS_HOME_3=$WORKSPACE/server3/jboss-eap
      export JBOSS_HOME_4=$WORKSPACE/server4/jboss-eap
      cd ../jboss-hornetq-testsuite/
      mvn clean test -Dtest=SslAuthenticationTestCase#testClusterWithSSL  -Deap7.org.jboss.qa.hornetq.apps.clients.version=7.1553519968-ehsavoie-WFLY-11876-SNAPSHOT -DfailIfNoTests=false | tee log
      
      Show
      Steps to reproduce: git clone git@gitlab.mw.lab.eng.bos.redhat.com:jbossqe-eap/messaging-testsuite.git cd messaging-testsuite/scripts/ groovy -DEAP_ZIP_URL=https: //eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/eap-7.x-messaging-testing-prepare/703/artifact/jboss-eap.zip PrepareServers7.groovy export WORKSPACE=$PWD export JBOSS_HOME_1=$WORKSPACE/server1/jboss-eap export JBOSS_HOME_2=$WORKSPACE/server2/jboss-eap export JBOSS_HOME_3=$WORKSPACE/server3/jboss-eap export JBOSS_HOME_4=$WORKSPACE/server4/jboss-eap cd ../jboss-hornetq-testsuite/ mvn clean test -Dtest=SslAuthenticationTestCase#testClusterWithSSL -Deap7.org.jboss.qa.hornetq.apps.clients.version=7.1553519968-ehsavoie-WFLY-11876-SNAPSHOT -DfailIfNoTests= false | tee log

      Description

      If TRACE log is enabled for org.apache.activemq.artemis then StompProtoco is logging password in clear text:

      13:48:06,488 DEBUG [org.apache.commons.beanutils.BeanUtils] (ServerService Thread Pool -- 86) BeanUtils.populate(org.apache.activemq.artemis.core.protocol.stomp.StompProtocolManager@2aa25516, {needClientAuth=tru
      e, trustStorePassword=hornetqexample, keyStorePassword=hornetqexample, port=6445, sslEnabled=true, host=127.0.0.1, trustStorePath=/home/hudson/hudson_workspace/workspace/eap-7.x-messaging-weekly-common-ssl/eap-t
      estsuite/jboss-hornetq-testsuite/tests-eap7/src/test/resources/org/jboss/qa/hornetq/test/transportprotocols/hornetq.example.truststore, keyStorePath=/home/hudson/hudson_workspace/workspace/eap-7.x-messaging-week
      ly-common-ssl/eap-testsuite/jboss-hornetq-testsuite/tests-eap7/src/test/resources/org/jboss/qa/hornetq/test/transportprotocols/hornetq.example.keystore})
      ...
      13:48:06,488 TRACE [org.apache.commons.beanutils.BeanUtils] (ServerService Thread Pool -- 86)   setProperty(org.apache.activemq.artemis.core.protocol.stomp.StompProtocolManager@2aa25516, trustStorePassword, horn
      etqexample)
      ...
      13:48:06,489 TRACE [org.apache.commons.beanutils.BeanUtils] (ServerService Thread Pool -- 86)   setProperty(org.apache.activemq.artemis.core.protocol.stomp.StompProtocolManager@2aa25516, keyStorePassword, hornet
      qexample)
      
      

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jbertram Justin Bertram
                  Reporter:
                  mnovak Miroslav Novak
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated: