Details
-
Bug
-
Resolution: Fixed
-
Major
-
6.5.0
-
Triaged
-
Unknown
Description
There is inconsistency between cbbackupmgr's log redaction and that of cblogredaction.
Between a cblogredaction file and cbbackupmgr redacted file, the salts are the same:
head -1 redacted-backup-0.log redacted-cbbackupmgr-collectinfo-backup-2019-07-10T140710/cbbackupmgr-collectinfo-backup-2019-07-10T140710/logs/backup-0.log
|
==> redacted-backup-0.log <==
|
Hash of the salt used to redact the file: 4080da143eca2ca421d25e4ee9bf1ec5d7b0ddbd
|
==> redacted-cbbackupmgr-collectinfo-backup-2019-07-10T140710/cbbackupmgr-collectinfo-backup-2019-07-10T140710/logs/backup-0.log <==
|
Hash of the salt used to redact the file: 4080da143eca2ca421d25e4ee9bf1ec5d7b0ddbd
|
Yet there is a difference between the two redacted files:
diff redacted-backup-0.log redacted-cbbackupmgr-collectinfo-backup-2019-07-10T140710/cbbackupmgr-collectinfo-backup-2019-07-10T140710/logs/backup-0.log
|
|
6c6
|
< 2019-07-10T14:06:58.982+00:00 (Cmd) backup --archive /backup --repo default --cluster http://10.112.191.101 --username <ud>603d914b1b9a2735025eeb291687ac200026ad39</ud> --password ******** --threads 16 --storage forestdb --- > 2019-07-10T14:06:58.982+00:00 (Cmd) backup --archive /backup --repo default --cluster http://10.112.191.101 --username <ud>1eda23758be9e36e5e0d2a6a87de584aaca0193f</ud> --password ******** --threads 16 --storage forestdb
|
From the code, cblogredaction's implementation seems correct:
hash_object = hashlib.sha1((self.salt + str(match.group(2))).encode('utf-8'))
|
But it looks like cbbackupmgr isn't salting. We do correctly salt and hash the salt itself, so this is displaying correctly, but when it comes to redacting the tag contents, we instantiate a new hasher and don't actually use the salt:
func (r *Redactor) redactLine(match string) string {
|
noTags := match[4 : len(match)-5]
|
hasher := sha1.New()
|
hasher.Write([]byte(noTags))
|
return "<ud>" + hex.EncodeToString(hasher.Sum(nil)) + "</ud>"
|