Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0045964
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Web POSmajoralways2021-02-26 17:072021-03-02 14:05
ReporterlbressanView Statuspublic 
Assigned Toranjith_qualiantech_com 
PriorityhighResolutionfixedFixed in VersionRR21Q2
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionRR20Q4SCM revision 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerGold
Support ticket22248
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0045964: Sensitive information exposed in Openbravo.log

DescriptionThe SecuredJSONProcess class in the method secureExec(Writer w, JSONObject jsonsent) logs all the json processed including Sensitive information.

The customer's class: CustomerRegistrationService is extending JSONProcessSimple Class which in turn extends the SecuredJSONProcess class of the module org.openbravo.mobile.core.process.SecuredJSONProcess within which the method secureExec(Writer w, JSONObject jsonsent) has the logger line which is causing the response from the completion of the process to be logged into the log file, screenshot of the code attached in the ticket for reference.
Steps To ReproduceDefine a class Java that extend JSONProcessSimple
TagsNo tags attached.
Attached Filespng file icon Screenshot from 2021-02-26 17-57-17.png [^] (214,731 bytes) 2021-02-26 17:07

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0126474)
hgbot (developer)
2021-03-02 13:46

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/177 [^]
(0126475)
hgbot (developer)
2021-03-02 14:05

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 3cd1e25da130103b8ae7706c8aaa81db8ef2a27b
Author: Ranjith S R <ranjith@qualiantech.com>
Date: 2021-03-02T18:17:27+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/3cd1e25da130103b8ae7706c8aaa81db8ef2a27b [^]

Fixed ISSUE-45964: Updated JSONProcess by removing jsoninfo in log

---
M src/org/openbravo/mobile/core/process/SecuredJSONProcess.java
---
(0126476)
hgbot (developer)
2021-03-02 14:05

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/177 [^]

- Issue History
Date Modified Username Field Change
2021-02-26 17:07 lbressan New Issue
2021-02-26 17:07 lbressan Assigned To => Retail
2021-02-26 17:07 lbressan File Added: Screenshot from 2021-02-26 17-57-17.png
2021-02-26 17:07 lbressan OBNetwork customer => Gold
2021-02-26 17:07 lbressan Triggers an Emergency Pack => No
2021-03-01 20:07 lbressan Support ticket => 22248
2021-03-01 20:07 lbressan Resolution time => 1615762800
2021-03-02 13:39 ranjith_qualiantech_com Assigned To Retail => ranjith_qualiantech_com
2021-03-02 13:39 ranjith_qualiantech_com Status new => scheduled
2021-03-02 13:46 hgbot Merge Request Status => open
2021-03-02 13:46 hgbot Note Added: 0126474
2021-03-02 14:05 hgbot Merge Request Status open => approved
2021-03-02 14:05 hgbot Resolution open => fixed
2021-03-02 14:05 hgbot Status scheduled => closed
2021-03-02 14:05 hgbot Fixed in Version => RR21Q2
2021-03-02 14:05 hgbot Note Added: 0126475
2021-03-02 14:05 hgbot Note Added: 0126476

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker