search

ICIJ / datashare

A self-hosted search engine for documents.
https://datashare.icij.org
GNU Affero General Public License v3.0
586 stars 52 forks source link

Security concern: Unintended logging of remote services credentials #1296

Closed millaguie closed 6 months ago

millaguie commented 8 months ago

Describe the bug

When using third-party services (ElasticSearch, PostgreSQL), datashare is logging the credentials to connect to those services.

To Reproduce Steps to reproduce the behavior:

On a datshare-backend service using a remote ElasticSearch authenticated with user and password or a remote PostgreSQL server look for the following strings on the logs: "INFO PropertiesProvider - merged properties" On this log line you will find the credentials in use to connect to those services:

2024-01-09 13:24:47.594 
2024-01-09 12:24:47,593 [main] INFO  PropertiesProvider - merged properties (without override) with {parserParallelism=1, batchDownloadDir=/XXX/datashare/app/tmp, cors=no-cors, dataDir=/XXX/datashare/data, parallelism=2, batchQueueType=REDIS, batchThrottleMilliseconds=500, scrollSlices=1, elasticsearchDataPath=/XXX/datashare/es, elasticsearchAddress=https://UNMASKED_ELASTIC_USER:UNMASKED_ELASTIC_PASSSWORD@es-datashare.FULL_ELASTICSEARCH_URL.org, protectedUriPrefix=/api/, redisPoolSize=1, mode=BATCH_SEARCH, digestProjectName=local-datashare, clusterName=datashare, nlpParallelism=1, busType=REDIS, defaultProject=local-datashare, noDigestProject=false, scrollSize=100, ocr=true, embeddedDocumentDownloadMaxSize=1G, messageBusAddress=redis://REDIS_URL:6379, dataSourceUrl=jdbc:postgresql://POSTGRESQL_SERVER:5432/datashare-staging?user=UNMASKED_POSTGRES_USER&password=UNMASKED_POSTGRES_PASSWORD, defaultUserName=local, batchDownloadMaxNbFiles=10000, digestAlgorithm=SHA-384, tcpListenPort=XXX, sessionStoreType=MEMORY, queueName=extract:queue, batchDownloadTimeToLive=24, redisAddress=redis://REDIS_URL:6379, queueType=REDIS, browserOpenLink=false, batchDownloadMaxSize=100M, sessionTtlSeconds=43200}

Expected behavior Secrets should be masked, removed, or hashed with a salt

Screenshots Not applicable

Desktop:

Additional context

github-actions[bot] commented 7 months ago

This issue is stale because it has been open for 40 days with no activity.

github-actions[bot] commented 6 months ago

This issue was closed because it has been inactive for 20 days since being marked as stale.