Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0045964Retail ModulesWeb POSpublic2021-02-26 17:072021-03-02 14:05
Reporterlbressan 
Assigned Toranjith_qualiantech_com 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product VersionRR20Q4 
Target VersionFixed in VersionRR21Q2 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerGold
Support ticket22248
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0045964: Sensitive information exposed in Openbravo.log
DescriptionThe SecuredJSONProcess class in the method secureExec(Writer w, JSONObject jsonsent) logs all the json processed including Sensitive information.

The customer's class: CustomerRegistrationService is extending JSONProcessSimple Class which in turn extends the SecuredJSONProcess class of the module org.openbravo.mobile.core.process.SecuredJSONProcess within which the method secureExec(Writer w, JSONObject jsonsent) has the logger line which is causing the response from the completion of the process to be logged into the log file, screenshot of the code attached in the ticket for reference.
Steps To ReproduceDefine a class Java that extend JSONProcessSimple
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
Attached Filespng Screenshot from 2021-02-26 17-57-17.png (214,731) 2021-02-26 17:07
https://issues.openbravo.com/file_download.php?file_id=15352&type=bug
png
Issue History
Date ModifiedUsernameFieldChange
2021-02-26 17:07lbressanNew Issue
2021-02-26 17:07lbressanAssigned To => Retail
2021-02-26 17:07lbressanFile Added: Screenshot from 2021-02-26 17-57-17.png
2021-02-26 17:07lbressanOBNetwork customer => Gold
2021-02-26 17:07lbressanTriggers an Emergency Pack => No
2021-03-01 20:07lbressanSupport ticket => 22248
2021-03-01 20:07lbressanResolution time => 1615762800
2021-03-02 13:39ranjith_qualiantech_comAssigned ToRetail => ranjith_qualiantech_com
2021-03-02 13:39ranjith_qualiantech_comStatusnew => scheduled
2021-03-02 13:46hgbotMerge Request Status => open
2021-03-02 13:46hgbotNote Added: 0126474
2021-03-02 14:05hgbotMerge Request Statusopen => approved
2021-03-02 14:05hgbotResolutionopen => fixed
2021-03-02 14:05hgbotStatusscheduled => closed
2021-03-02 14:05hgbotFixed in Version => RR21Q2
2021-03-02 14:05hgbotNote Added: 0126475
2021-03-02 14:05hgbotNote Added: 0126476

Notes
(0126474)
hgbot   
2021-03-02 13:46   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/177 [^]
(0126475)
hgbot   
2021-03-02 14:05   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 3cd1e25da130103b8ae7706c8aaa81db8ef2a27b
Author: Ranjith S R <ranjith@qualiantech.com>
Date: 2021-03-02T18:17:27+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/3cd1e25da130103b8ae7706c8aaa81db8ef2a27b [^]

Fixed ISSUE-45964: Updated JSONProcess by removing jsoninfo in log

---
M src/org/openbravo/mobile/core/process/SecuredJSONProcess.java
---
(0126476)
hgbot   
2021-03-02 14:05   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/177 [^]