Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-6589

Remove sensitive information from logs

XMLWordPrintable

    • Icon: Bug Report Bug Report
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 3.9.3, 3.8.6
    • None
    • None
    • None
    • Not defined

      Brief summary of the bug. What is it ? Where is it ?

      During the variable import, whenever a variable cannot be imported correctly, the ObjectVariableService outputs the contents of that variable, which might contain sensitive information. The whole ObjectVariableService should be analysed for such log messages that might contain sensitive data

      Steps to reproduce:

      Import a variable that is not supported

      Actual result:

      Messages of the form 

      "Variable attribute '{}' of '{}' with type {} and value '{}' is not supported and won't be imported."

      Expected result:

      Either we don't output the value, or, if needed, we only output the values under "DEBUG" log level (and not WARN). At the moment I don't see the added value for outputting the values, so I'd recommend just taking that out of the output message

       

      Testing notes:

      • When importing object variables that can't be imported, no variable values should be logged

        This is the controller panel for Smart Panels app

              Unassigned Unassigned
              giuliano.rodrigues-lima Giuliano Rodrigues Lima
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: