Opened at 2013-07-26T01:37:06Z
Last modified at 2020-10-30T12:35:44Z
#2037 closed defect
cloud/S3 backend fails to redact ProductToken and UserToken from S3 error messages — at Version 1
| Reported by: | daira | Owned by: | daira |
|---|---|---|---|
| Priority: | major | Milestone: | soon |
| Component: | unknown | Version: | 1.9.0-s3branch |
| Keywords: | security logging s3 cloud-backend ticket999-S3-backend blocks-cloud-deployment | Cc: | |
| Launchpad Bug: | | | |
Description (last modified by daira)
Here's an example of LeastAuthority.com secrets being leaked in an S3 error message (I've replaced the actual secrets with "THIS_SHOULD_NOT_BE_HERE" for this bug report):
[Failure instance: Traceback: <class 'lae_automation.endtoend.CheckFailed'>: Error for 107.22.17.1: could not create test file: [Failure instance: Traceback (failure with no frames): <class 'allmydata.mutable.common.NotEnoughServersError'>: ('Publish ran out of good servers, last failure was: [Failure instance: Traceback (failure with no frames): <class \'foolscap.tokens.RemoteException\'>: <RemoteException around \'[CopiedFailure instance: Traceback from remote host -- Traceback (most recent call last):\n File "/usr/local/lib/python2.6/dist-packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/tcp.py", line 277, in connectionLost\n protocol.connectionLost(reason)\n File "/usr/local/lib/python2.6/dist-packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/web/client.py", line 191, in connectionLost\n self.factory._disconnectedDeferred.callback(None)\n File "/usr/local/lib/python2.6/dist-packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/defer.py", line 362, in callback\n self._startRunCallbacks(result)\n File "/usr/local/lib/python2.6/dist-packages/Twisted-11.1.0-py2.6-linux-i686.egg/twisted/internet/defer.py", line 458, in _startRunC\n \n-- TRACEBACK ELIDED --\n\n client/base.py", line 46, in error_wrapper\n raise fallback_error\n allmydata.storage.backends.s3.s3_common.TahoeS3Error: (\'400\', \'400 Bad Request\', \'<?xml version="1.0" encoding="UTF-8"?>\\n <Error><Code>InvalidToken</Code> <Message>The provided token is malformed or otherwise invalid.</Message> <RequestId>266AB3D40D3E8F00</RequestId><HostId>IXcXMiM5tH07dLaANbZsgKe4rqkFF7yMBmfGlhWqZfdd9i6FqUiuUcsgEc6cmrAW</HostId> <Token-1>{ProductToken} THIS_SHOULD_NOT_BE_HERE </Token-1> <Token-0>{UserToken} THIS_SHOULD_NOT_BE_HERE </Token-0> </Error>\')\n ]\'>\n]', None)
The storage server is running ticket999-S3-backend, but the problem also occurs for the current 1819-cloud-merge branch. (The latter redacts SignatureDoesNotMatch errors but not InvalidToken errors.)
Change History (1)
comment:1 Changed at 2013-07-26T01:40:04Z by daira
- Description modified (diff)
- Status changed from new to assigned
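
One way to redact by element name and by known secret value, rather than per error code, so that an InvalidToken body like the one in the description is covered as well. This is an added example, not part of the ticket and not Tahoe-LAFS code; the function name `redact_s3_error`, the `[REDACTED]` marker and the sample body (modelled on the error above, with constructed token values) are assumptions.

```python
import re

REDACTED = "[REDACTED]"

# Matches <Token-0>...</Token-0>, <Token-1>...</Token-1>, etc., the elements
# seen in the InvalidToken body. DOTALL because a value may span lines.
_TOKEN_ELEMENT = re.compile(r"<(Token-\d+)>.*?</\1>", re.DOTALL)


def redact_s3_error(text, known_secrets=()):
    """Return a copy of an S3 error string that is safe to log or re-raise."""
    # Structural pass: blank every Token-N element regardless of the error
    # <Code>, so a new error type that echoes tokens is covered by default.
    text = _TOKEN_ELEMENT.sub(
        lambda m: "<%s>%s</%s>" % (m.group(1), REDACTED, m.group(1)), text)
    # Value pass: scrub literal copies of secrets this process holds, in case
    # the body is truncated or the secret appears in an unexpected element.
    # Longest first, so a secret that is a prefix of another is not left partial.
    for secret in sorted(filter(None, known_secrets), key=len, reverse=True):
        text = text.replace(secret, REDACTED)
    return text


# Constructed sample input (hypothetical values, not real tokens).
FAKE_PRODUCT = "CONSTRUCTED-PRODUCT-TOKEN-VALUE"
FAKE_USER = "CONSTRUCTED-USER-TOKEN-VALUE"
SAMPLE_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    "<Error><Code>InvalidToken</Code>"
    "<Message>The provided token is malformed or otherwise invalid.</Message>"
    "<RequestId>CONSTRUCTED-REQUEST-ID</RequestId>"
    "<Token-1>{ProductToken}" + FAKE_PRODUCT + "</Token-1>"
    "<Token-0>{UserToken}" + FAKE_USER + "</Token-0></Error>"
)

if __name__ == "__main__":
    print(redact_s3_error(SAMPLE_BODY, [FAKE_PRODUCT, FAKE_USER]))
```

Applying the function where the error string is first built keeps the secrets out of every later wrapper, including the nested remote failures shown in the description.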