2227142 – RFE: Prevent message content being logged at any level

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2227142 - RFE: Prevent message content being logged at any level

Summary: RFE: Prevent message content being logged at any level

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	rhc
Sub Component:
Version:	7.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Link Dupont
QA Contact:	CSI Client Tools Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	2227010 2227141
Blocks:
TreeView+	depends on / blocked

Reported:	2023-07-28 07:27 UTC by Rehana
Modified:	2023-10-10 16:13 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:	2227141
Environment:
Last Closed:	2023-10-10 16:13:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-163733	0	None	None	None	2023-07-28 07:27:57 UTC
Red Hat Product Errata	RHBA-2023:5619	0	None	None	None	2023-10-10 16:13:50 UTC

Comment 3 Archana Pandey 2023-09-14 09:04:59 UTC

Pre-verification:

>> reproducing issue on older build of rhc-
[root@hp-z600-02 ~]# rpm -qa | grep rhc
rhc-worker-script-0.4-1.el7_9.x86_64
rhc-0.2.0-3.el7_9.x86_64
[root@hp-z600-02 ~]# 
[root@hp-z600-02 ~]# 
[root@hp-z600-02 ~]# rhc status
Connection status for hp-z600-02.ml3.eng.bos.redhat.com:

● Connected to Red Hat Subscription Management
● The Red Hat connector daemon is active

Manage your Red Hat connector systems: https://red.ht/connector
[root@hp-z600-02 ~]# 
[root@hp-z600-02 ~]# journalctl -u rhcd -f
-- Logs begin at Wed 2023-09-13 09:33:21 EDT. --
:
:
Sep 13 11:37:06 hp-z600-02.ml3.eng.bos.redhat.com rhcd[27662]: [rhcd] 2023/09/13 11:37:06 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/mqtt.go:18: received a message on topic redhat/insights/c1869825-2e4d-49ab-92f6-bbe24fa88b73/data/in
Sep 13 11:37:06 hp-z600-02.ml3.eng.bos.redhat.com rhcd[27662]: [rhcd] 2023/09/13 11:37:06 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/mqtt.go:25: message: {Type:data MessageID:fd0d186f-5324-43c0-9ec1-1328caffd321 ResponseTo: Version:1 Sent:2023-09-13 21:07:04.208213816 +0530 +0530 Directive:package-manager Metadata:map[] Content:[34 101 121 74 106 98 50 49 116 89 87 53 107 73 106 111 105 97 87 53 122 100 71 70 115 98 67 73 115 73 109 53 104 98 87 85 105 79 105 74 54 99 50 103 105 102 81 61 61 34]}
Sep 13 11:37:06 hp-z600-02.ml3.eng.bos.redhat.com rhcd[27662]: [rhcd] 2023/09/13 11:37:06 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/grpc.go:122: cannot route message to directive: package-manager

Notice the  logs " message" it has content in it-

>> upgrading rhc to 7.9z scratch build 

[root@hp-z600-02 ~]# yum upgrade rhc-0.2.4-1.el7_9.x86_64.rpm 
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Examining rhc-0.2.4-1.el7_9.x86_64.rpm: 1:rhc-0.2.4-1.el7_9.x86_64
Marking rhc-0.2.4-1.el7_9.x86_64.rpm as an update to 1:rhc-0.2.0-3.el7_9.x86_64
Resolving Dependencies
--> Running transaction check
---> Package rhc.x86_64 1:0.2.0-3.el7_9 will be updated
---> Package rhc.x86_64 1:0.2.4-1.el7_9 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================
 Package                             Arch                                   Version                                           Repository                                                 Size
==============================================================================================================================================================================================
Updating:
 rhc                                 x86_64                                 1:0.2.4-1.el7_9                                   /rhc-0.2.4-1.el7_9.x86_64                                  68 M

Transaction Summary
==============================================================================================================================================================================================
Upgrade  1 Package

Total size: 68 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:rhc-0.2.4-1.el7_9.x86_64                                                                                                                                                 1/2 
warning: /etc/rhc/config.toml created as /etc/rhc/config.toml.rpmnew
  Cleanup    : 1:rhc-0.2.0-3.el7_9.x86_64                                                                                                                                                 2/2 
  Verifying  : 1:rhc-0.2.4-1.el7_9.x86_64                                                                                                                                                 1/2 
  Verifying  : 1:rhc-0.2.0-3.el7_9.x86_64                                                                                                                                                 2/2 
beaker-Server                                                                                                                                                          | 2.8 kB  00:00:00     
:
:                                                                                                                                         | 1.3 kB  00:00:00     
beaker-tasks                                                                                                                                                           | 1.3 kB  00:00:00     

Updated:
  rhc.x86_64 1:0.2.4-1.el7_9                                                                                                                                                                  

Complete!
[root@hp-z600-02 ~]# 

[root@hp-z600-02 ~]# service rhcd restart
Redirecting to /bin/systemctl restart rhcd.service

[root@hp-z600-02 ~]# rhc status
Connection status for hp-z600-02.ml3.eng.bos.redhat.com:

● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● The Remote Host Configuration daemon is active

Manage your connected systems: https://red.ht/connector
[root@hp-z600-02 ~]# 

[root@hp-z600-02 ~]# journalctl -u rhcd -f | grep "received a message" -A 2

Sep 14 04:53:05 hp-z600-02.ml3.eng.bos.redhat.com rhcd[8474]: [rhcd] 2023/09/14 04:53:05 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:18: received a message on topic redhat/insights/c1869825-2e4d-49ab-92f6-bbe24fa88b73/data/in
Sep 14 04:53:05 hp-z600-02.ml3.eng.bos.redhat.com rhcd[8474]: [rhcd] 2023/09/14 04:53:05 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:25: message: 5ef56b38-d07b-4a7e-94e7-93357251fd30
Sep 14 04:53:05 hp-z600-02.ml3.eng.bos.redhat.com rhcd[8474]: [rhcd] 2023/09/14 04:53:05 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/http.go:38: sending HTTP request: GET //cert.cloud.stage.redhat.com/ZWNobyBoZWxsbw==

Verified: After upgrade, message doesn't contain any content.

Additional Information: Since rhel-7 does not have rhc-worker-playbook package, I have utilized yggctl to send messages.

Comment 6 Archana Pandey 2023-09-26 07:44:58 UTC

Final Verification:
Beaker Test information:
                         HOSTNAME=hp-moonshot-01-c20.ml3.eng.bos.redhat.com
                            JOBID=8356601
                         RECIPEID=14685076
                    RESULT_SERVER=
                           DISTRO=RHEL-7.9-updates-20230919.5
                     ARCHITECTURE=x86_64

[root@hp-moonshot-01-c20 ~]# rpm -qa | grep rhc
rhc-0.2.4-1.el7_9.x86_64
[root@hp-moonshot-01-c20 ~]# rpm -qa | grep insights-client
insights-client-3.1.8-1.el7_9.noarch
[root@hp-moonshot-01-c20 ~]# rpm -qa | grep subscription-manager
subscription-manager-rhsm-certificates-1.24.52-2.el7_9.x86_64
subscription-manager-1.24.52-2.el7_9.x86_64
subscription-manager-rhsm-1.24.52-2.el7_9.x86_64
[root@hp-moonshot-01-c20 ~]# 

[root@hp-moonshot-01-c20 ~]# rpm -ivh rhc-worker-script-0.4-2.el7_9.x86_64.rpm 
warning: rhc-worker-script-0.4-2.el7_9.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:rhc-worker-script-0.4-2.el7_9    ################################# [100%]
[root@hp-moonshot-01-c20 ~]# 

[root@hp-moonshot-01-c20 ~]# rhc status
Connection status for hp-moonshot-01-c20.ml3.eng.bos.redhat.com:

● Connected to Red Hat Subscription Management
● Connected to Red Hat Insights
● The Remote Host Configuration daemon is active

Manage your connected systems: https://red.ht/connector
[root@hp-moonshot-01-c20 ~]# 

[root@hp-moonshot-01-c20 ~]# journalctl -u rhcd -f
-- Logs begin at Tue 2023-09-26 01:30:29 EDT. --
Sep 26 03:36:49 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:49 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/exec.go:112: watching process: 5257
Sep 26 03:36:49 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:49 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:69: worker registered: {pid:5256 handler:package-manager addr:@ygg-package-manager-DaLvGA features:map[] detachedContent:false}
Sep 26 03:36:49 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:49 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/grpc.go:69: worker registered: {pid:5257 handler:rhc-worker-script addr:@ygg-rhc-worker-script-QYYtQc features:map[] detachedContent:true}
Sep 26 03:36:49 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:49 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:131: published message 7002f1b7-bb61-4a08-9f00-d974b46287c7 to topic redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/control/out
Sep 26 03:36:49 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:49 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:131: published message d777987d-aa2d-4a21-82cf-aea2769427d4 to topic redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/control/out
Sep 26 03:36:49 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:49 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:131: published message c435f62c-387a-4d83-ac32-3836c6c488fa to topic redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/control/out
Sep 26 03:36:56 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:56 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:18: received a message on topic redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/data/in
Sep 26 03:36:56 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:36:56 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:25: message: 8048ce71-aeca-4331-8c78-c1a71ac4e04e

^^ Worker is registered
[root@hp-moonshot-01-c20 ~]# subscription-manager identity
system identity: 189dd23a-3422-4cc4-8c64-1e92d7e0ccb4
name: hp-moonshot-01-c20.ml3.eng.bos.redhat.com
org name: 11789772
org ID: 11789772
[root@hp-moonshot-01-c20 ~]# 



[arpandey@fedora ~]$ yggctl generate data-message --directive rhc-worker-script "echo hello testing" | pub -config rhcconfig.txt -topic redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/data/in
2023/09/26 13:10:06 connected: wss://connect.cloud.stage.redhat.com:443
2023/09/26 13:10:07 published: [redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/data/in] [123 34 116 121 112 101 34 58 34 100 97 116 97 34 44 34 109 101 115 115 97 103 101 95 105 100 34 58 34 101 97 102 52 99 57 98 99 45 48 54 57 98 45 52 56 98 57 45 98 55 51 99 45 102 53 101 99 55 102 57 49 99 55 49 56 34 44 34 114 101 115 112 111 110 115 101 95 116 111 34 58 34 34 44 34 118 101 114 115 105 111 110 34 58 49 44 34 115 101 110 116 34 58 34 50 48 50 51 45 48 57 45 50 54 84 49 51 58 49 48 58 48 50 46 55 55 49 52 51 57 50 51 52 43 48 53 58 51 48 34 44 34 100 105 114 101 99 116 105 118 101 34 58 34 114 104 99 45 119 111 114 107 101 114 45 115 99 114 105 112 116 34 44 34 109 101 116 97 100 97 116 97 34 58 123 125 44 34 99 111 110 116 101 110 116 34 58 34 90 87 78 111 98 121 66 111 90 87 120 115 98 121 66 48 90 88 78 48 97 87 53 110 34 125 10]
[arpandey@fedora ~]$ 

[root@hp-moonshot-01-c20 ~]# journalctl -u rhcd -f

Sep 26 03:40:07 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:40:07 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:18: received a message on topic redhat/insights/189dd23a-3422-4cc4-8c64-1e92d7e0ccb4/data/in
Sep 26 03:40:07 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:40:07 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/mqtt.go:25: message: eaf4c9bc-069b-48b9-b73c-f5ec7f91c718
Sep 26 03:40:07 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rhcd] 2023/09/26 03:40:07 /builddir/build/BUILD/rhc/yggdrasil-0.2.2/cmd/yggd/http.go:38: sending HTTP request: GET //cert.cloud.stage.redhat.com/ZWNobyBoZWxsbyB0ZXN0aW5n
Sep 26 03:40:07 hp-moonshot-01-c20.ml3.eng.bos.redhat.com rhcd[5207]: [rh


Verification- received messages no more showing content.
Passed.

Comment 10 errata-xmlrpc 2023-10-10 16:13:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhc enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:5619

Note You need to log in before you can comment on or make changes to this bug.