xwikisas / application-googleapps

Google Apps Integration

The application may be leaking secrets in the server logs #47

Open aubincleme opened 4 years ago

aubincleme commented 4 years ago

When using the button "Edit in Google Apps", the application is putting quite a lot of log entries with sensitive information. Here is an example of the logs being produced:

GOOGLEAPPS: SCOPE config: drive avatar.
GOOGLEAPPS: APPNAME: xwiki
GOOGLEAPPS: CLIENTID: XXXXXXXXXXXX.apps.googleusercontent.com
GOOGLEAPPS: SCOPE: [https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/drive]
GOOGLEAPPS: In authorize
GOOGLEAPPS: Trying to get credentials from authorization code: XXXXXXXXXXXX
GOOGLEAPPS: Token: [access_token:XXXXXXXXXXXX, expires_in:3598, id_token:XXXXXXXXXXXX, scope:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/drive openid https://www.googleapis.com/auth/userinfo.profile, token_type:Bearer]
GOOGLEAPPS: Failure to create refresh token
2020-05-18 11:41:07,345 [http://myServer/xwiki/bin/view/GoogleApps/OAuth?code=4/XXXXXXXXXXXX&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/drive%20openid&authuser=0&hd=xwiki.com&prompt=none] INFO  nticationPersistenceStoreTools - text to encrypt : xwiki:XWiki.Admin 
2020-05-18 11:41:07,350 [http://myServer/xwiki/bin/view/GoogleApps/OAuth?code=4/XXXXXXXXXXXX&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/drive%20openid&authuser=0&hd=xwiki.com&prompt=none] INFO  nticationPersistenceStoreTools - encrypted text : XXXXXXXXXXXX

From this extract, most items may not be that sensitive. However, considering the amount of information in the logs, it would be great to have a review of what we log, and what we don't.
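An added example, not part of the original thread or the project's code: a small Python scanner that finds and masks the kinds of values visible in the log extract above (OAuth tokens, the authorization code in both the message and the request URL, and the encrypted text) in logs that have already been written. The pattern names and the sample lines are constructed for illustration, with fake values in place of the masked ones.

```python
import re

# Patterns modelled on the log lines quoted in the issue (assumed formats).
# Group 1 is the label that stays in the log, group 2 the value to mask.
PATTERNS = [
    ("oauth_token", re.compile(r"\b((?:access|id|refresh)_token:)([^,\]\s]+)")),
    ("auth_code_log", re.compile(r"(authorization code: )(\S+)")),
    ("auth_code_url", re.compile(r"([?&]code=)([^&\s\]]+)")),
    ("encrypted_text", re.compile(r"(encrypted text : )(\S+)")),
]

# Constructed sample lines; every secret-looking value here is fake.
SAMPLE = [
    "GOOGLEAPPS: APPNAME: xwiki",
    "GOOGLEAPPS: Trying to get credentials from authorization code: 4/FAKE-CODE-0001",
    "GOOGLEAPPS: Token: [access_token:ya29.FAKE-ACCESS, expires_in:3598, "
    "id_token:eyFAKE.ID.TOKEN, scope:openid, token_type:Bearer]",
    "2020-05-18 11:41:07,350 [http://myServer/xwiki/bin/view/GoogleApps/OAuth"
    "?code=4/FAKE-CODE-0001&scope=email&prompt=none] INFO  "
    "nticationPersistenceStoreTools - encrypted text : FAKECIPHERTEXT==",
]

def redact(line):
    """Return (masked_line, kinds); kinds lists every secret type found."""
    kinds = []
    for kind, pattern in PATTERNS:
        line, count = pattern.subn(r"\g<1>[REDACTED]", line)
        if count:
            kinds.append(kind)
    return line, kinds

def scan(lines):
    """Mask every line and count how many lines leaked each kind of secret."""
    masked, counts = [], {}
    for line in lines:
        clean, kinds = redact(line)
        masked.append(clean)
        for kind in kinds:
            counts[kind] = counts.get(kind, 0) + 1
    return masked, counts

if __name__ == "__main__":
    masked_lines, summary = scan(SAMPLE)
    print("\n".join(masked_lines))
    print(summary)
```

The per-kind counts give a starting list for the review of what is logged; masking after the fact does not replace removing the log statements themselves.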

polx commented 4 years ago

I'm fine to remove it. Let us ask the original author if there is a situation he anticipated, where this was to be useful... Or?

polx commented 4 years ago

That said, any admin will have access to this in some fashion if needed... so there is no big security gain by hiding this.