Skip to content

Commit

Permalink
[Heartbeat] Stop logging sensitive params (#28774)
Browse files Browse the repository at this point in the history
* [Heartbeat] Stop logging sensitive params

This change causes heartbeat to no longer log parameter values, instead
interpolating an opaque string.

Fixes #28771

We now create logs like:
```
2021-11-02T17:25:27.804-0500    INFO    synthexec/synthexec.go:148      Running command: /tmp/elastic-synthetics-unzip-714880603/node_modules/.bin/elastic-synthetics /tmp/elastic-synthetics-unzip-714880603/node_modules/.bin/elastic-synthetics /tmp/elastic-synthetics-unzip-714880603 --screenshots on --rich-events --params "{1 hidden params}" in directory: '/tmp/elastic-synthetics-unzip-714880603'
```

* Changelog

(cherry picked from commit 40e949d)
  • Loading branch information
andrewvc authored and mergify-bot committed Nov 2, 2021
1 parent 835a241 commit cc5eb92
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 8 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix broken seccomp filtering and improve security via `setcap` and `setuid` when running as root on linux in containers. {pull}27878[27878]
- Log browser `zip_url` download failures as `warn` instead of as `info`. {pull}28440[28440]
- Properly locate base stream in fleet configs. {pull}28455[28455]
- Stop logging params values. {pull}28774[28774]

*Journalbeat*

Expand Down
19 changes: 11 additions & 8 deletions x-pack/heartbeat/monitors/browser/synthexec/synthexec.go
Original file line number Diff line number Diff line change
Expand Up @@ -122,11 +122,6 @@ func runCmd(
cmd.Env = append(os.Environ(), "NODE_ENV=production")
cmd.Args = append(cmd.Args, "--rich-events")

if len(params) > 0 {
paramsBytes, _ := json.Marshal(params)
cmd.Args = append(cmd.Args, "--params", string(paramsBytes))
}

if len(filterJourneys.Tags) > 0 {
cmd.Args = append(cmd.Args, "--tags", strings.Join(filterJourneys.Tags, " "))
}
Expand All @@ -135,14 +130,22 @@ func runCmd(
cmd.Args = append(cmd.Args, "--match", filterJourneys.Match)
}

// Variant of the command with no params, which could contain sensitive stuff
loggableCmd := exec.Command(cmd.Path, cmd.Args...)
if len(params) > 0 {
paramsBytes, _ := json.Marshal(params)
cmd.Args = append(cmd.Args, "--params", string(paramsBytes))
loggableCmd.Args = append(loggableCmd.Args, "--params", fmt.Sprintf("\"{%d hidden params}\"", len(params)))
}

// We need to pass both files in here otherwise we get a broken pipe, even
// though node only touches the writer
cmd.ExtraFiles = []*os.File{jsonWriter, jsonReader}
// Out fd is always 3 since it's the only FD passed into cmd.ExtraFiles
// see the docs for ExtraFiles in https://golang.org/pkg/os/exec/#Cmd
cmd.Args = append(cmd.Args, "--outfd", "3")

logp.Info("Running command: %s in directory: '%s'", cmd.String(), cmd.Dir)
logp.Info("Running command: %s in directory: '%s'", loggableCmd.String(), cmd.Dir)

if stdinStr != nil {
logp.Debug(debugSelector, "Using stdin str %s", *stdinStr)
Expand Down Expand Up @@ -189,14 +192,14 @@ func runCmd(
err := cmd.Wait()
jsonWriter.Close()
jsonReader.Close()
logp.Info("Command has completed(%d): %s", cmd.ProcessState.ExitCode(), cmd.String())
logp.Info("Command has completed(%d): %s", cmd.ProcessState.ExitCode(), loggableCmd.String())
if err != nil {
str := fmt.Sprintf("command exited with status %d: %s", cmd.ProcessState.ExitCode(), err)
mpx.writeSynthEvent(&SynthEvent{
Type: "cmd/status",
Error: &SynthError{Name: "cmdexit", Message: str},
})
logp.Warn("Error executing command '%s' (%d): %s", cmd.String(), cmd.ProcessState.ExitCode(), err)
logp.Warn("Error executing command '%s' (%d): %s", loggableCmd.String(), cmd.ProcessState.ExitCode(), err)
}
wg.Wait()
mpx.Close()
Expand Down

0 comments on commit cc5eb92

Please sign in to comment.