Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-6589

Remove sensitive information from logs

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Fixed
    • L3 - Default
    • 3.9.3, 3.8.6
    • None
    • None
    • None
    • Not defined

    Description

      Brief summary of the bug. What is it ? Where is it ?

      During the variable import, whenever a variable cannot be imported correctly, the ObjectVariableService outputs the contents of that variable, which might contain sensitive information. The whole ObjectVariableService should be analysed for such log messages that might contain sensitive data

      Steps to reproduce:

      Import a variable that is not supported

      Actual result:

      Messages of the form 

      "Variable attribute '{}' of '{}' with type {} and value '{}' is not supported and won't be imported."

      Expected result:

      Either we don't output the value, or, if needed, we only output the values under "DEBUG" log level (and not WARN). At the moment I don't see the added value for outputting the values, so I'd recommend just taking that out of the output message

       

      Testing notes:

      • When importing object variables that can't be imported, no variable values should be logged

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              Unassigned Unassigned
              giuliano.rodrigues-lima Giuliano Rodrigues Lima
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce