
SMB2 Passwords Not Masked in FileSystemException #5522

Abshan opened this issue Nov 30, 2021 · 1 comment · Fixed by wso2/wso2-commons-vfs#113 or wso2/wso2-synapse#2103

Abshan commented Nov 30, 2021

Description:
When an exception is thrown from org.apache.commons.vfs2.FileSystemException, passwords are also printed in the log. This is a security concern. This behaviour can be seen in multiple scenarios, for example:

  • If the VFS locking is enabled and could not write to the file.
    Caused by: org.apache.commons.vfs2.FileSystemException: Could not write to "smb2://User:password@[email protected]/Sample/In/sample.txt.lock".
  • If the user doesn't have the required permission to create a folder.
    Caused by: org.apache.commons.vfs2.FileSystemException: Could not create folder "smb2://User:[email protected]/Sample/Fail/No".

Affected Product Version:
WSO2EI-6.6.0

Steps to reproduce:
This behaviour can be reproduced easily when we set transport.vfs.CreateFolder to true and try to create a directory in a folder where the user doesn't have the required permission to create a folder. The following sample proxy can be used to reproduce the scenario.

1) Create a directory named Sample on a Windows machine and create three subdirectories named In, Out and Fail within the test directory.
2) Remove Modify permission for the group or the user.
3) Try out the following proxy:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<proxy name="sample" startOnLoad="true" transports="vfs" xmlns="http://ws.apache.org/ns/synapse">
    <target>
        <inSequence>
            <log level="custom">
                <property name="im at" value="in sequence SMB PROXY"/>
            </log>
            <log level="full"/>
            <drop/>
        </inSequence>
        <outSequence>
            <log level="custom">
                <property name="im at" value="out sequence"/>
            </log>
        </outSequence>
        <faultSequence/>
    </target>
    <parameter name="transport.PollInterval">15</parameter>
    <parameter name="transport.vfs.FileURI">smb2://User:password@[email protected]/Sample/In</parameter>
    <parameter name="transport.vfs.ContentType">text/plain</parameter>
    <parameter name="transport.vfs.ActionAfterProcess">MOVE</parameter>
    <parameter name="transport.vfs.MoveAfterFailure">smb2://User:password@[email protected]/Sample/Fail/No/Permission</parameter>
    <parameter name="transport.vfs.ActionAfterFailure">MOVE</parameter>
    <parameter name="transport.vfs.FileNamePattern">.*</parameter>
    <parameter name="transport.vfs.CreateFolder">true</parameter>
    <parameter name="transport.vfs.Locking">disable</parameter>
    <parameter name="transport.vfs.MoveAfterProcess">smb2://User:password@[email protected]/Sample/Out/No/Permission</parameter>
</proxy>
```
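The leak described in this issue, illustrated with an added Python example that is not part of the issue, of commons-vfs or of the linked Synapse fix: a regex that masks the password in any user:password@ URI before a message reaches a log, plus a check that scans log lines already written for credentials that slipped through. The sample log lines, host name, user name and password are constructed.

```python
import re

# userinfo of a URI: group 1 = "scheme://user:", group 2 = the password.
# Group 2 runs to the last '@' before the path, so "pass@DOMAIN@host" forms
# used by some SMB URIs are masked as a whole (the domain is dropped, the
# password is never kept). A host:port with no '@' does not match.
_CRED_RE = re.compile(r'''\b([a-z][a-z0-9+.\-]*://[^/\s:@"']+:)([^/\s"']*)@''', re.IGNORECASE)

MASK = "***"


def mask_credentials(text: str) -> str:
    """Replace the password in every user:password@ URI embedded in text.

    Apply this to exception messages such as FileSystemException's
    'Could not write to "smb2://..."' before they are written to a log.
    """
    return _CRED_RE.sub(r"\1" + MASK + "@", text)


def find_leaked_credentials(lines):
    """Scan log lines that were already written.

    Returns [(line_number, masked_line)] for every line carrying a URI
    password; lines that only contain the mask itself are not reported.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        if any(m.group(2) != MASK for m in _CRED_RE.finditer(line)):
            hits.append((number, mask_credentials(line)))
    return hits


# Constructed sample log, modelled on the two messages quoted in this issue.
# Host, user name and password are made up.
SAMPLE_LOG = [
    "INFO  VFSTransportListener - polling smb2://fileserver.example.com/Sample/In",
    'Caused by: org.apache.commons.vfs2.FileSystemException: Could not write to '
    '"smb2://svc_user:S3cret!@fileserver.example.com/Sample/In/sample.txt.lock".',
    'Caused by: org.apache.commons.vfs2.FileSystemException: Could not create folder '
    '"smb2://svc_user:S3cret!@CORP@fileserver.example.com/Sample/Fail/No".',
    "INFO  VFSTransportListener - already masked smb2://svc_user:***@fileserver.example.com/Sample/Out",
]

if __name__ == "__main__":
    for number, masked in find_leaked_credentials(SAMPLE_LOG):
        print(f"line {number}: {masked}")
```

Masking at the log boundary is defence in depth; the fixes referenced in the issue header address the message in the library itself.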
