Issue warning that some log levels may contain sensitive data

2024-11-06 08:35:21 +00:00 · 2015-09-14 15:39:17 -06:00 · 2015-09-14 15:39:17 -06:00 · 507fb04683
commit 507fb04683
parent c2c7fe06c8
6 changed files with 32 additions and 2 deletions
--- a/conf/cloud
+++ b/conf/cloud
@ -29,6 +29,9 @@
 # The level of messages to send to the console.
 # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
 #
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
 # Default: 'info'
 #
 #log_level: info
--- a/conf/master
+++ b/conf/master
@ -616,6 +616,10 @@

 # The level of messages to send to the console.
 # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
 #log_level: warning

 # The level of messages to send to the log file.
--- a/conf/minion
+++ b/conf/minion
@ -493,6 +493,10 @@

 # The level of messages to send to the console.
 # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
 # Default: 'warning'
 #log_level: warning

--- a/salt/init.py
+++ b/salt/init.py
@ -46,7 +46,7 @@ from salt.utils import migrations
 try:
    from salt.utils import parsers, ip_bracket
    from salt.utils.verify import check_user, verify_env, verify_socket
-    from salt.utils.verify import verify_files
+    from salt.utils.verify import verify_files, verify_log
 except ImportError as exc:
    if exc.args[0] != 'No module named _msgpack':
        raise
@ -113,6 +113,7 @@ class Master(parsers.MasterOptionParser):

        self.setup_logfile_logger()
        logger.info('Setting up the Salt Master')
+        verify_log(self.config)

        if self.config['transport'].lower() == 'zeromq':
            if not verify_socket(self.config['interface'],
@ -222,6 +223,7 @@ class Minion(parsers.MinionOptionParser):
                    self.config['id']
                )
            )
+            verify_log(self.config)
            migrations.migrate_paths(self.config)
        if self.config['transport'].lower() == 'zeromq':
            # Late import so logging works correctly
@ -350,6 +352,7 @@ class ProxyMinion(parsers.MinionOptionParser):
                self.config['id']
            )
        )
+        verify_log(self.config)
        migrations.migrate_paths(self.config)
        # Late import so logging works correctly
        import salt.minion
@ -437,6 +440,7 @@ class Syndic(parsers.SyndicOptionParser):
                self.config['id']
            )
        )
+        verify_log(self.config)

        # Late import so logging works correctly
        import salt.minion
--- a/salt/cli/init.py
+++ b/salt/cli/init.py
@ -23,7 +23,7 @@ import salt.auth
 import salt.key

 from salt.utils import parsers, print_cli
-from salt.utils.verify import check_user, verify_env, verify_files
+from salt.utils.verify import check_user, verify_env, verify_files, verify_log
 from salt.exceptions import (
    SaltInvocationError,
    SaltClientError,
@ -56,6 +56,7 @@ class SaltCMD(parsers.SaltCMDOptionParser):

        # Setup file logging!
        self.setup_logfile_logger()
+        verify_log(self.config)

        try:
            # We don't need to bail on config file permission errors
@ -305,6 +306,7 @@ class SaltCP(parsers.SaltCPOptionParser):

        # Setup file logging!
        self.setup_logfile_logger()
+        verify_log(self.config)

        cp_ = salt.cli.cp.SaltCP(self.config)
        cp_.run()
@ -355,6 +357,7 @@ class SaltKey(parsers.SaltKeyOptionParser):
                )

        self.setup_logfile_logger()
+        verify_log(self.config)

        key = salt.key.KeyCLI(self.config)
        if check_user(self.config['user']):
@ -407,6 +410,7 @@ class SaltCall(parsers.SaltCallOptionParser):

        # Setup file logging!
        self.setup_logfile_logger()
+        verify_log(self.config)

        #caller = salt.cli.caller.Caller(self.config)
        caller = salt.cli.caller.Caller.factory(self.config)
@ -452,6 +456,7 @@ class SaltRun(parsers.SaltRunOptionParser):

        # Setup file logging!
        self.setup_logfile_logger()
+        verify_log(self.config)

        runner = salt.runner.Runner(self.config)
        if self.options.doc:
@ -473,6 +478,7 @@ class SaltSSH(parsers.SaltSSHOptionParser):
    '''
    def run(self):
        self.parse_args()
+        verify_log(self.config)

        ssh = salt.client.ssh.SSH(self.config)
        ssh.run()
@ -516,6 +522,7 @@ class SaltAPI(parsers.OptionParser, parsers.ConfigDirMixIn,
            sys.exit(err.errno)

        self.setup_logfile_logger()
+        verify_log(self.config)
        client = salt.client.netapi.NetapiClient(self.config)
        self.daemonize_if_required()
        self.set_pidfile()
--- a/salt/utils/verify.py
+++ b/salt/utils/verify.py
@ -499,3 +499,11 @@ def safe_py_code(code):
        if code.count(bad):
            return False
    return True
+
+
+def verify_log(opts):
+    '''
+    If an insecre logging configuration is found, show a warning
+    '''
+    if opts.get('log_level') in ('garbage', 'trace', 'debug'):
+        log.warn('Insecure logging configuration detected! Sensitive data may be logged.')