From ce8e2ec37aefdd52a6953d9b1d55b2ce540fd2a2 Mon Sep 17 00:00:00 2001 From: Valerii Kovalchuk Date: Wed, 14 Sep 2016 15:18:40 +0300 Subject: [PATCH] Prevent logging of result of resources.string() method call The result of resources.string() method is the content of the file saved to string. Logging of binary file content causes UnicodeDecode error. Moreover, logging of any file content can be security issue. Finally, it is just not practical to fill the logs with tons of text from the big files. Change-Id: I87077b002f2a8888c22b4dfba1f7b9f0508fec69 Closes-bug: #1561522 --- murano/engine/system/resource_manager.py | 4 ++++ releasenotes/notes/string-logging-20b8e60a957ba6b7.yaml | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 releasenotes/notes/string-logging-20b8e60a957ba6b7.yaml diff --git a/murano/engine/system/resource_manager.py b/murano/engine/system/resource_manager.py index 4dcd3257..b5c5a4c1 100644 --- a/murano/engine/system/resource_manager.py +++ b/murano/engine/system/resource_manager.py @@ -19,6 +19,7 @@ import yaml as yamllib from yaql.language import specs from yaql.language import yaqltypes +from murano.dsl import constants from murano.dsl import dsl from murano.dsl import dsl_types from murano.dsl import helpers @@ -52,6 +53,7 @@ class ResourceManager(object): @staticmethod @specs.parameter('owner', dsl.MuranoTypeParameter(nullable=True)) @specs.inject('receiver', yaqltypes.Receiver()) + @specs.meta(constants.META_NO_TRACE, True) def string(receiver, name, owner=None, binary=False): path = ResourceManager._get_package(owner, receiver).get_resource(name) mode = 'rb' if binary else 'rU' @@ -61,12 +63,14 @@ class ResourceManager(object): @classmethod @specs.parameter('owner', dsl.MuranoTypeParameter(nullable=True)) @specs.inject('receiver', yaqltypes.Receiver()) + @specs.meta(constants.META_NO_TRACE, True) def json(cls, receiver, name, owner=None): return jsonlib.loads(cls.string(receiver, name, owner)) @classmethod @specs.parameter('owner', dsl.MuranoTypeParameter(nullable=True)) @specs.inject('receiver', yaqltypes.Receiver()) + @specs.meta(constants.META_NO_TRACE, True) def yaml(cls, receiver, name, owner=None): return yamllib.load( cls.string(receiver, name, owner), Loader=yaml_loader) diff --git a/releasenotes/notes/string-logging-20b8e60a957ba6b7.yaml b/releasenotes/notes/string-logging-20b8e60a957ba6b7.yaml new file mode 100644 index 00000000..7cc3c232 --- /dev/null +++ b/releasenotes/notes/string-logging-20b8e60a957ba6b7.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Murano engine no longer logs methods ``string()``, ``json()``, and ``yaml()`` + of the 'io.murano.system.Resources' class. This is done to prevent UnicodeDecodeError's + when transferring binary files to murano agent.