search

alibaba / spring-cloud-alibaba

Spring Cloud Alibaba provides a one-stop solution for application development for the distributed solutions of Alibaba middleware.
https://sca.aliyun.com
Apache License 2.0
27.81k stars 8.31k forks source link

如果注册到注册中心失败,打印的日志内容含有敏感信息 #3837

Closed Happy-26 closed 1 week ago

Happy-26 commented 2 weeks ago

com.alibaba.cloud.nacos.registry.NacosServiceRegistry 类中,如果注册失败会打印错误日志,此时会将nacos的用户名和密码明文打印出来。

@Override
public void register(Registration registration) {

      if (StringUtils.isEmpty(registration.getServiceId())) {
          log.warn("No service to register for nacos client...");
          return;
      }

      NamingService namingService = namingService();
      String serviceId = registration.getServiceId();
      String group = nacosDiscoveryProperties.getGroup();

      Instance instance = getNacosInstanceFromRegistration(registration);

      try {
          namingService.registerInstance(serviceId, group, instance);
          log.info("nacos registry, {} {} {}:{} register finished", group, serviceId,
                  instance.getIp(), instance.getPort());
      }
      catch (Exception e) {
          if (nacosDiscoveryProperties.isFailFast()) {
                                    // 此时会将nacos的用户名和密码明文打印出来。
              log.error("nacos registry, {} register failed...{},", serviceId,
                      registration.toString(), e);
              rethrowRuntimeException(e);
          }
          else {
              log.warn("Failfast is false. {} register failed...{},", serviceId,
                      registration.toString(), e);
          }
      }
}

建议此处不打印敏感信息

ruansheng8 commented 2 weeks ago

I will fix it.