From 1f4eadabf9144fa6db7753256195f6e5ead4fe9c Mon Sep 17 00:00:00 2001 From: Martin van Wingerden Date: Wed, 19 Sep 2018 22:11:44 +0200 Subject: [PATCH 1/2] [mysql-persistence] Do not log plain passwords Signed-off-by: Martin van Wingerden --- .../persistence/mysql/internal/MysqlPersistenceService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java b/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java index 127d0fb52a4..2c1b5b1078f 100644 --- a/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java +++ b/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java @@ -553,7 +553,7 @@ private void connectToDatabase() { } catch (Exception e) { logger.error( "mySQL: Failed connecting to the SQL database using: driverClass={}, url={}, user={}, password={}", - driverClass, url, user, password, e); + driverClass, url, user, password.replaceAll(".", "*"), e); } } From 7d3284098855487f6c44ee1f9390965272437474 Mon Sep 17 00:00:00 2001 From: Martin van Wingerden Date: Thu, 20 Sep 2018 20:35:11 +0200 Subject: [PATCH 2/2] Cleaned many more passwords from logging / toString implementations 
Signed-off-by: Martin van Wingerden
---
.../main/java/org/openhab/action/mail/internal/Mail.java | 5 ++---
.../binding/anel/internal/AnelConnectorThread.java | 3 +--
.../myhome/fcrisciani/connector/MyHomeJavaConnector.java | 2 +-
.../org/openhab/binding/ddwrt/internal/DDWRTBinding.java | 1 -
.../openhab/binding/dscalarm1/internal/protocol/API.java | 2 +-
.../java/org/openhab/binding/ihc/internal/IhcBinding.java | 7 +++----
.../org/openhab/binding/isy/ISYActiveBindingConfig.java | 4 ++--
.../internal/PowerDogLocalApiBinding.java | 2 +-
.../binding/rwesmarthome/internal/RWESmarthomeConfig.java | 2 +-
.../binding/velux/bridge/comm/BCgetWLANConfig.java | 2 +-
.../java/org/openhab/io/caldav/internal/CalDavConfig.java | 2 +-
.../main/java/org/openhab/io/caldav/internal/Util.java | 8 ++++----
.../mysql/internal/MysqlPersistenceService.java | 4 ++--
13 files changed, 20 insertions(+), 24 deletions(-)
diff --git a/bundles/action/org.openhab.action.mail/src/main/java/org/openhab/action/mail/internal/Mail.java b/bundles/action/org.openhab.action.mail/src/main/java/org/openhab/action/mail/internal/Mail.java
index 5b33c342e7e..e3265b417ef 100644
--- a/bundles/action/org.openhab.action.mail/src/main/java/org/openhab/action/mail/internal/Mail.java
+++ b/bundles/action/org.openhab.action.mail/src/main/java/org/openhab/action/mail/internal/Mail.java
@@ -163,9 +163,8 @@ static public boolean sendMail(@ParamDoc(name = "to") String to, @ParamDoc(name } else { logger.error( "Cannot send e-mail because of missing configuration settings. The current settings are: " - + "Host: '{}', port '{}', from '{}', startTLSEnabled: {}, sslOnConnect: {}, username: '{}', password '{}'", - new Object[] { hostname, String.valueOf(port), from, String.valueOf(startTLSEnabled), - String.valueOf(sslOnConnect), username, password }); + + "Host: '{}', port '{}', from '{}', startTLSEnabled: {}, sslOnConnect: {}, username: '{}'", + hostname, port, from, startTLSEnabled, sslOnConnect, username); } return success; diff --git a/bundles/binding/org.openhab.binding.anel/src/main/java/org/openhab/binding/anel/internal/AnelConnectorThread.java b/bundles/binding/org.openhab.binding.anel/src/main/java/org/openhab/binding/anel/internal/AnelConnectorThread.java index 1d86cd4d824..17162b8dd16 100644 --- a/bundles/binding/org.openhab.binding.anel/src/main/java/org/openhab/binding/anel/internal/AnelConnectorThread.java +++ b/bundles/binding/org.openhab.binding.anel/src/main/java/org/openhab/binding/anel/internal/AnelConnectorThread.java @@ -287,7 +287,6 @@ public void run() { @Override public String toString() { return "Anel connection to '" + state.host + "', send UDP port " + connector.sendPort + ", receive UDP port " - + connector.receivePort + ", user='" + user + "', password='" + password + "', cache period=" - + cachePeriod + "min."; + + connector.receivePort + ", user='" + user + "', cache period=" + cachePeriod + "min."; } } diff --git a/bundles/binding/org.openhab.binding.bticino/src/main/java/com/myhome/fcrisciani/connector/MyHomeJavaConnector.java b/bundles/binding/org.openhab.binding.bticino/src/main/java/com/myhome/fcrisciani/connector/MyHomeJavaConnector.java index 7d49218c443..cb686f495eb 100755 --- a/bundles/binding/org.openhab.binding.bticino/src/main/java/com/myhome/fcrisciani/connector/MyHomeJavaConnector.java 
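Review bot: With `password` dropped from the sendMail() error message entirely, the log can no longer tell an operator whether the password is the setting that is missing. The condition that leads into this `else` branch is outside the hunk, so this only matters if the password is among the settings it checks. If it is, a presence flag keeps the diagnostic without exposing the value: add `password: {}` to the format string and pass `(password == null || password.isEmpty()) ? "missing" : "configured"`, which mirrors what the IhcBinding hunk in this patch does.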
+++ b/bundles/binding/org.openhab.binding.bticino/src/main/java/com/myhome/fcrisciani/connector/MyHomeJavaConnector.java @@ -153,7 +153,7 @@ public MyHomeJavaConnector(final String ip, final int port, final String passwd) this.ip = ip; this.port = port; this.passwd = passwd; - logger.debug("Created MyHomeJavaConnector with ip = {}, port = {} and password {}", ip, port, passwd); + logger.debug("Created MyHomeJavaConnector with ip = {}, port = {}", ip, port); this.commandMutex = new Semaphore(1, true); this.commandQueue = new PriorityCommandQueue(); this.commandQueueThread = new Thread(new PriorityQueueThread(this, commandQueue), "TailThread"); diff --git a/bundles/binding/org.openhab.binding.ddwrt/src/main/java/org/openhab/binding/ddwrt/internal/DDWRTBinding.java b/bundles/binding/org.openhab.binding.ddwrt/src/main/java/org/openhab/binding/ddwrt/internal/DDWRTBinding.java index 11dad92b960..7ffa097af54 100644 --- a/bundles/binding/org.openhab.binding.ddwrt/src/main/java/org/openhab/binding/ddwrt/internal/DDWRTBinding.java +++ b/bundles/binding/org.openhab.binding.ddwrt/src/main/java/org/openhab/binding/ddwrt/internal/DDWRTBinding.java @@ -258,7 +258,6 @@ public void run() { send(client, username); } receive(client); // password: - logger.trace("TelnetCommandThread password ({})", password); send(client, password); receive(client); // welcome text send(client, cmdString); diff --git a/bundles/binding/org.openhab.binding.dscalarm/src/main/java/org/openhab/binding/dscalarm1/internal/protocol/API.java b/bundles/binding/org.openhab.binding.dscalarm/src/main/java/org/openhab/binding/dscalarm1/internal/protocol/API.java index 8e776af1633..510e7605071 100644 --- a/bundles/binding/org.openhab.binding.dscalarm/src/main/java/org/openhab/binding/dscalarm1/internal/protocol/API.java +++ b/bundles/binding/org.openhab.binding.dscalarm/src/main/java/org/openhab/binding/dscalarm1/internal/protocol/API.java 
@@ -300,7 +300,7 @@ public boolean sendCommand(APICode apiCode, String... apiData) { } if (password == null || password.length() < 1 || password.length() > 6) { - logger.error("sendCommand(): Password is invalid, must be between 1 and 6 chars", password); + logger.error("sendCommand(): Password is invalid, must be between 1 and 6 chars"); break; } data = password; diff --git a/bundles/binding/org.openhab.binding.ihc/src/main/java/org/openhab/binding/ihc/internal/IhcBinding.java b/bundles/binding/org.openhab.binding.ihc/src/main/java/org/openhab/binding/ihc/internal/IhcBinding.java index 4f826f001a5..82a5c4e648c 100644 --- a/bundles/binding/org.openhab.binding.ihc/src/main/java/org/openhab/binding/ihc/internal/IhcBinding.java +++ b/bundles/binding/org.openhab.binding.ihc/src/main/java/org/openhab/binding/ihc/internal/IhcBinding.java @@ -151,8 +151,7 @@ public void connect() throws IhcExecption { if (StringUtils.isNotBlank(ip) && StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password)) { - logger.info("Connecting to IHC / ELKO LS controller [IP='{}' Username='{}' Password='{}'].", - new Object[] { ip, username, "******" }); + logger.info("Connecting to IHC / ELKO LS controller [IP='{}' Username='{}'].", ip, username); ihc = new IhcClient(ip, username, password, timeout); ihc.setProjectFile(projectFile); @@ -163,8 +162,8 @@ public void connect() throws IhcExecption { } else { logger.warn( - "Couldn't connect to IHC controller because of missing connection parameters [IP='{}' Username='{}' Password='{}'].", - new Object[] { ip, username, "******" }); + "Couldn't connect to IHC controller because of missing connection parameters [IP='{}' Username='{}' Password={}].", + ip, username, StringUtils.isBlank(password) ? "Missing" : "Configured"); } } 
diff --git a/bundles/binding/org.openhab.binding.isy/src/main/java/org/openhab/binding/isy/ISYActiveBindingConfig.java b/bundles/binding/org.openhab.binding.isy/src/main/java/org/openhab/binding/isy/ISYActiveBindingConfig.java index a0fecfbdf03..7772a7d34e8 100644 --- a/bundles/binding/org.openhab.binding.isy/src/main/java/org/openhab/binding/isy/ISYActiveBindingConfig.java +++ b/bundles/binding/org.openhab.binding.isy/src/main/java/org/openhab/binding/isy/ISYActiveBindingConfig.java @@ -44,9 +44,9 @@ public class ISYActiveBindingConfig { public ISYActiveBindingConfig(Map config) { this.logger.info( - "OpenHab Binding Configuration(refresh='{}',upnp='{}',uuid='{}',ip='{}',port='{}',user='{}',password='{}')", + "openHAB Binding Configuration(refresh='{}',upnp='{}',uuid='{}',ip='{}',port='{}',user='{}')", config.get("refresh"), config.get("upnp"), config.get("uuid"), config.get("ip"), config.get("port"), - config.get("user"), "xxxxxx"); + config.get("user")); if (isNotBlank((String) config.get("refresh"))) { refreshInterval = Long.parseLong((String) config.get("refresh")); diff --git a/bundles/binding/org.openhab.binding.powerdoglocalapi/src/main/java/org/openhab/binding/powerdoglocalapi/internal/PowerDogLocalApiBinding.java b/bundles/binding/org.openhab.binding.powerdoglocalapi/src/main/java/org/openhab/binding/powerdoglocalapi/internal/PowerDogLocalApiBinding.java index 8d34d63f482..9b67667def2 100644 --- a/bundles/binding/org.openhab.binding.powerdoglocalapi/src/main/java/org/openhab/binding/powerdoglocalapi/internal/PowerDogLocalApiBinding.java +++ b/bundles/binding/org.openhab.binding.powerdoglocalapi/src/main/java/org/openhab/binding/powerdoglocalapi/internal/PowerDogLocalApiBinding.java 
@@ -539,7 +539,7 @@ static class PowerDogLocalApiServerConfig { public String toString() { String displayPassword = "[not set]"; if (StringUtils.isNotBlank(password)) { - displayPassword = "[set]*****"; + displayPassword = "[set]"; } return "PowerDogLocalApiServerCache [host=" + host + ", password=" + displayPassword + ", lastUpdate=" + lastUpdate + ", cache=" + cache + "]"; diff --git a/bundles/binding/org.openhab.binding.rwesmarthome/src/main/java/org/openhab/binding/rwesmarthome/internal/RWESmarthomeConfig.java b/bundles/binding/org.openhab.binding.rwesmarthome/src/main/java/org/openhab/binding/rwesmarthome/internal/RWESmarthomeConfig.java index a40f9b7fe59..b480921eda2 100644 --- a/bundles/binding/org.openhab.binding.rwesmarthome/src/main/java/org/openhab/binding/rwesmarthome/internal/RWESmarthomeConfig.java +++ b/bundles/binding/org.openhab.binding.rwesmarthome/src/main/java/org/openhab/binding/rwesmarthome/internal/RWESmarthomeConfig.java @@ -168,7 +168,7 @@ public boolean isValid() { @Override public String toString() { return new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE).append("host", host) - .append("username", username).append("password", "*****").append("aliveInterval", aliveInterval) + .append("username", username).append("aliveInterval", aliveInterval) .append("bindingChangedInterval", bindingChangedInterval).toString(); } diff --git a/bundles/binding/org.openhab.binding.velux/src/main/java/org/openhab/binding/velux/bridge/comm/BCgetWLANConfig.java b/bundles/binding/org.openhab.binding.velux/src/main/java/org/openhab/binding/velux/bridge/comm/BCgetWLANConfig.java index de05a06bf18..9a37ced73e5 100644 --- a/bundles/binding/org.openhab.binding.velux/src/main/java/org/openhab/binding/velux/bridge/comm/BCgetWLANConfig.java +++ b/bundles/binding/org.openhab.binding.velux/src/main/java/org/openhab/binding/velux/bridge/comm/BCgetWLANConfig.java 
@@ -81,7 +81,7 @@ public String getSSID() { @Override public String toString() { - return String.format("SSID={},password={}", this.name, this.password); + return String.format("SSID=%s,password=********", this.name); } } diff --git a/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/CalDavConfig.java b/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/CalDavConfig.java index 60277877c18..3e1e9b12381 100644 --- a/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/CalDavConfig.java +++ b/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/CalDavConfig.java @@ -123,7 +123,7 @@ public void setCharset(String charset) { @Override public String toString() { - return "CalDavConfig [key=" + key + ", username=" + username + ", password=" + password + ", url=" + url + return "CalDavConfig [key=" + key + ", username=" + username + ", url=" + url + ", reloadMinutes=" + reloadMinutes + ", preloadMinutes=" + preloadMinutes + ", disableCertificateVerification=" + disableCertificateVerification + ", lastModifiedFileTimeStampValid=" + lastModifiedFileTimeStampValid + "]"; diff --git a/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/Util.java b/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/Util.java index 1bb79f1ff35..4be93b94a5f 100644 --- a/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/Util.java +++ b/bundles/io/org.openhab.io.caldav/src/main/java/org/openhab/io/caldav/internal/Util.java 
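Review bot: CalDavConfig.toString() still prints `url` verbatim, and a URL can carry credentials of its own in the userinfo part or in query parameters, so a password configured that way would still reach the log. The same applies to the two `log.trace` calls in Util.getConnection() and to the `url={}` argument of the MysqlPersistenceService error message in both patches, where a JDBC URL may include `user=`/`password=` properties. Whether any installation configures credentials this way is not visible from these hunks. If it is possible, strip the userinfo and query string before logging, or at least state the assumption next to the field with a comment such as `// url is logged as-is and must not contain credentials`.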
@@ -122,8 +122,8 @@ public static Sardine getConnection(CalDavConfig config) { if (url.startsWith(HTTP_URL_PREFIX)) { log.error("do not use '{}' if no ssl is used", CalDavLoaderImpl.PROP_DISABLE_CERTIFICATE_VERIFICATION); } - log.trace("connecting to caldav '{}' with disabled certificate verification (url={}, username={}, password={})", - key, url, userName, password); + log.trace("connecting to caldav '{}' with disabled certificate verification (url={}, username={})", + key, url, userName); HttpClientBuilder httpClientBuilder = HttpClientBuilder.create().setHostnameVerifier(new AllowAllHostnameVerifier()); try { httpClientBuilder.setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { @@ -146,8 +146,8 @@ public boolean isTrusted(X509Certificate[] arg0, String arg1) throws Certificate return new SardineImpl(httpClientBuilder, userName, password); } } else { - log.trace("connecting to caldav '{}' (url={}, username={}, password={})", - key, url, userName, password); + log.trace("connecting to caldav '{}' (url={}, username={})", + key, url, userName); if (StringUtils.isEmpty(userName) && StringUtils.isEmpty(password)) { log.trace("connecting without credentials for '{}'", key); return new SardineImpl(); diff --git a/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java b/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java index 2c1b5b1078f..28aa908104f 100644 --- a/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java +++ b/bundles/persistence/org.openhab.persistence.mysql/java/org/openhab/persistence/mysql/internal/MysqlPersistenceService.java 
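Review bot: The message announcing that certificate verification is disabled is emitted at `trace` in the first Util.java hunk, so at a default log level nothing records that the connection carrying `userName`/`password` is made without validating the server certificate or hostname. I would raise that one call to `log.warn("connecting to caldav '{}' with disabled certificate verification (url={}, username={})", key, url, userName);` and leave the plain-connection message in the second hunk at trace. getConnection() starts and ends outside both hunks, so if it runs on every reload the warning may need to be emitted once per configuration rather than per call.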
@@ -552,8 +552,8 @@ private void connectToDatabase() { st.close(); } catch (Exception e) { logger.error( - "mySQL: Failed connecting to the SQL database using: driverClass={}, url={}, user={}, password={}", - driverClass, url, user, password.replaceAll(".", "*"), e); + "mySQL: Failed connecting to the SQL database using: driverClass={}, url={}, user={}", + driverClass, url, user, e); } }