Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0045964 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Retail Modules] Web POS | major | always | 2021-02-26 17:07 | 2021-03-02 14:05 | |||
| Reporter | lbressan | View Status | public | |||||
| Assigned To | ranjith_qualiantech_com | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | RR21Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | RR20Q4 | SCM revision | ||||||
| Review Assigned To | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0045964: Sensitive information exposed in Openbravo.log | |||||||
| Description | The SecuredJSONProcess class in the method secureExec(Writer w, JSONObject jsonsent) logs all the json processed including Sensitive information. The customer's class: CustomerRegistrationService is extending JSONProcessSimple Class which in turn extends the SecuredJSONProcess class of the module org.openbravo.mobile.core.process.SecuredJSONProcess within which the method secureExec(Writer w, JSONObject jsonsent) has the logger line which is causing the response from the completion of the process to be logged into the log file, screenshot of the code attached in the ticket for reference. | |||||||
| Steps To Reproduce | Define a class Java that extend JSONProcessSimple | |||||||
| Tags | No tags attached. | |||||||
| Attached Files |  Screenshot from 2021-02-26 17-57-17.png [^] (214,731 bytes) 2021-02-26 17:07
| |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0126474) hgbot (developer) 2021-03-02 13:46 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/177 [^] |
|
(0126475) hgbot (developer) 2021-03-02 14:05 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^] Changeset: 3cd1e25da130103b8ae7706c8aaa81db8ef2a27b Author: Ranjith S R <ranjith@qualiantech.com> Date: 2021-03-02T18:17:27+05:30 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/3cd1e25da130103b8ae7706c8aaa81db8ef2a27b [^] Fixed ISSUE-45964: Updated JSONProcess by removing jsoninfo in log --- M src/org/openbravo/mobile/core/process/SecuredJSONProcess.java --- |
|
(0126476) hgbot (developer) 2021-03-02 14:05 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/177 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2021-02-26 17:07 | lbressan | New Issue | |
| 2021-02-26 17:07 | lbressan | Assigned To | => Retail |
| 2021-02-26 17:07 | lbressan | File Added: Screenshot from 2021-02-26 17-57-17.png | |
| 2021-02-26 17:07 | lbressan | Triggers an Emergency Pack | => No |
| 2021-03-01 20:07 | lbressan | Resolution time | => 1615762800 |
| 2021-03-02 13:39 | ranjith_qualiantech_com | Assigned To | Retail => ranjith_qualiantech_com |
| 2021-03-02 13:39 | ranjith_qualiantech_com | Status | new => scheduled |
| 2021-03-02 13:46 | hgbot | Note Added: 0126474 | |
| 2021-03-02 14:05 | hgbot | Resolution | open => fixed |
| 2021-03-02 14:05 | hgbot | Status | scheduled => closed |
| 2021-03-02 14:05 | hgbot | Fixed in Version | => RR21Q2 |
| 2021-03-02 14:05 | hgbot | Note Added: 0126475 | |
| 2021-03-02 14:05 | hgbot | Note Added: 0126476 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |