[
https://issues.jboss.org/browse/WFLY-8161?page=com.atlassian.jira.plugin....
]
Marek Kopecký reopened WFLY-8161:
---------------------------------
Reopening, verification failed: the new regexp for passwords is "password=.*", the original
regexp was ".*password.*".
So, for example, the "-Da_password_b=bbb" system property was stored to the zip file as:
* before actual PR: a_password_b=<Redacted>
* after actual PR: a_password_b=bbb
JDR Subsystem destroys password related system properties
---------------------------------------------------------
Key: WFLY-8161
URL: https://issues.jboss.org/browse/WFLY-8161
Project: WildFly
Issue Type: Bug
Components: JDR
Affects Versions: 10.0.0.Final, 10.1.0.Final
Reporter: John Mazzitelli
Assignee: Brad Maxwell
Priority: Critical
Fix For: 11.0.0.Alpha1
When you export a JDR, it provides a report of system properties, but to avoid leaking
passwords, it redacts any system property with the string <Redacted> - see
here:
https://github.com/wildfly/wildfly/blob/master/jdr/jboss-as-jdr/src/main/...
One major problem is it never flips the system properties back to their original values!
So once a JDR report is created, no code in the JVM will ever be able to use those password
system properties again - because the password is now changed to the string
"<Redacted>".
To fix, once that "system-properties.txt" file is created, you have to
System.setProperty() those password properties back to their original values.
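An added example, not WildFly's code and not part of the issue or the reopen comment: it writes the redacted report from a read-only snapshot so the live system properties are never changed, and runs both regexps quoted in the thread over the same properties to show which entries each one redacts. The class and method names and the sample values are hypothetical, and matching each pattern against the whole "key=value" line is an assumption about how the patterns are applied.

```java
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import java.util.regex.Pattern;

public class RedactedPropertiesReport {
    // The two patterns quoted in the thread. Applying them to the full
    // "key=value" line with matches() is an assumption of this example.
    static final Pattern ORIGINAL = Pattern.compile(".*password.*");
    static final Pattern NARROWED = Pattern.compile("password=.*");

    // Builds the report text. The Properties object is only read, so the
    // values other code in the JVM depends on stay intact.
    static String report(Properties props, Pattern sensitive) {
        Map<String, String> sorted = new TreeMap<>();
        for (String key : props.stringPropertyNames()) {
            sorted.put(key, props.getProperty(key));
        }
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> e : sorted.entrySet()) {
            String line = e.getKey() + "=" + e.getValue();
            boolean hit = sensitive.matcher(line).matches();
            out.append(e.getKey()).append('=')
               .append(hit ? "<Redacted>" : e.getValue()).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for -D options.
        System.setProperty("a_password_b", "bbb");
        System.setProperty("password", "sample-value");

        // Snapshot only the properties of interest to keep the output short.
        Properties snapshot = new Properties();
        for (String key : new String[] {"a_password_b", "password"}) {
            snapshot.setProperty(key, System.getProperty(key));
        }

        System.out.println("-- original regexp --");
        System.out.print(report(snapshot, ORIGINAL));
        System.out.println("-- narrowed regexp --");
        System.out.print(report(snapshot, NARROWED));

        // The live property still holds its real value after both reports.
        System.out.println("live a_password_b=" + System.getProperty("a_password_b"));
    }
}
```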