Details
- Type: Bug
- Status: Resolved
- Priority: Blocker
- Resolution: Invalid
- Version: Impala 3.1.0
- Label: ghx-label-6
Description
The build for "asf-master-core-asan" failed due to IMPALA-8128. The job then tried to upload core files to AWS. In doing so, the (presumably temporary) AWS tokens were leaked into the build log:
20:42:08 2019-01-25 20:42:08,728 - boto - DEBUG - StringToSign:
20:42:08 HEAD
20:42:08 Sat, 26 Jan 2019 04:42:08 GMT
20:42:08 x-amz-security-token:FQ...4gU=
20:42:08 /impala-coredump-archive/
20:42:08 2019-01-25 20:42:08,729 - boto - DEBUG - Signature:
20:42:08 AWS ASIA...g=
20:42:08 2019-01-25 20:42:08,729 - boto - DEBUG - Final headers: {'Date': 'Sat, 26 Jan 2019 04:42:08 GMT', 'Content-Length': '0', 'Authorization': u'AWS ASIAV...8ev4gU=', 'User-Agent': 'Boto/2.48.0 Python/2.7.5 Linux/3.10.0-693.5.2.el7.x86_64'}
20:42:08 2019-01-25 20:42:08,800 - boto - DEBUG - Response headers: [('x-amz-bucket-region', 'us-west-2'), ('x-amz-id-2', 'MXD...U='), ('server', 'AmazonS3'), ('transfer-encoding', 'chunked'), ('x-amz-request-id', 'FB38CC160531DCFF'), ('date', 'Sat, 26 Jan 2019 04:42:09 GMT'), ('content-type', 'application/xml')]
Even if these tokens turn out to be benign (for example, already expired by the time someone reads them), the "optics" are bad: security tokens should stay secret, and they should not be dumped to logs.
As a workaround, if the team feels it does need the tokens in the log, elide them as done in the excerpt above: keep enough characters to verify that the token is the expected one, but drop most of the value. Not ideal, but better than exposing the entire token.
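The elision workaround described above can be applied automatically rather than by hand. The following is an added example (not code from the Impala project or from boto) of a Python logging filter that rewrites the three places the boto DEBUG output in this issue carries credential material: the Authorization header, the x-amz-security-token header and the bare Signature line. It keeps the first and last few characters of each value, as the excerpt does, and replaces the rest with "...". The regular expressions, the `keep=4` width and the sample log lines are all constructed for this example.

```python
import logging
import re

# Three places boto's DEBUG output carries credential material (see the
# excerpt in this issue). Patterns are constructed for this example; the
# "secret" group captures only the value to be elided.
_SECRET_PATTERNS = [
    # 'Authorization': u'AWS <AccessKeyId>:<Signature>'  (quotes/u optional)
    re.compile(r"(?P<prefix>Authorization['\"]?:\s*u?['\"]?AWS\s+)"
               r"(?P<secret>[A-Za-z0-9+/=:]+)"),
    # x-amz-security-token:<session token>
    re.compile(r"(?P<prefix>x-amz-security-token['\"]?:\s*['\"]?)"
               r"(?P<secret>[A-Za-z0-9+/=]+)"),
    # Signature: AWS <AccessKeyId>:<Signature>   (may follow a newline)
    re.compile(r"(?P<prefix>Signature:\s*(?:AWS\s+)?)"
               r"(?P<secret>[A-Za-z0-9+/=:]+)"),
]


def elide(secret, keep=4):
    """Keep the first and last `keep` characters so the value can still be
    recognised, and replace the middle with '...' as the issue suggests.
    Short values are replaced entirely so nothing useful survives."""
    if len(secret) <= 2 * keep:
        return "..."
    return secret[:keep] + "..." + secret[-keep:]


def redact(text, keep=4):
    """Return `text` with every credential match elided."""
    for pattern in _SECRET_PATTERNS:
        text = pattern.sub(
            lambda m: m.group("prefix") + elide(m.group("secret"), keep), text)
    return text


class RedactingFilter(logging.Filter):
    """Logging filter that rewrites each record's message before it is
    formatted, so the elided form is what reaches the handler output."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already fully rendered
        return True


def redacted_log_lines(lines):
    """Push constructed boto-style lines through a logger fitted with the
    filter and return exactly what the handler would have written."""
    captured = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(self.format(record))

    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(RedactingFilter())

    logger = logging.getLogger("boto.example")  # name is an assumption
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.handlers = [handler]
    for line in lines:
        logger.debug(line)
    return captured


# Constructed sample lines in the shape of the excerpt; the key and token
# values are made up and are not real credentials.
SAMPLE_LINES = [
    "2019-01-25 20:42:08,728 - boto - DEBUG - StringToSign:\nHEAD\n"
    "Sat, 26 Jan 2019 04:42:08 GMT\n"
    "x-amz-security-token:FQoGZXIvYXdzEXAMPLE4gU=\n/impala-coredump-archive/",
    "2019-01-25 20:42:08,729 - boto - DEBUG - Signature:\n"
    "AWS ASIAEXAMPLEKEY12345:abcdefghijklmnop1234567890=",
    "2019-01-25 20:42:08,729 - boto - DEBUG - Final headers: "
    "{'Authorization': u'AWS ASIAEXAMPLEKEY12345:abcdefghijklmnop1234567890=',"
    " 'Date': 'Sat, 26 Jan 2019 04:42:08 GMT'}",
]

if __name__ == "__main__":
    for out in redacted_log_lines(SAMPLE_LINES):
        print(out)
```

The filter is attached to the handler, so it runs for every logger whose records reach that handler, including third-party loggers such as boto's. The simpler fix in a CI job is not to emit the material at all, for example by raising the `boto` logger above DEBUG with `logging.getLogger("boto").setLevel(logging.INFO)`; the filter is the fallback for when debug output is wanted but must not carry whole tokens.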