chore(vulnerability): Log Injection (High) (#11131)

datahub-project · Aug 20, 2024 · bc79aec · bc79aec
1 parent b46a963
commit bc79aec
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/metadata-io/src/main/java/com/linkedin/metadata/systemmetadata/ESSystemMetadataDAO.java b/metadata-io/src/main/java/com/linkedin/metadata/systemmetadata/ESSystemMetadataDAO.java
@@ -54,10 +54,7 @@ public Optional<GetTaskResponse> getTaskStatus(@Nonnull String nodeId, long task
     try {
       return client.tasks().get(taskRequest, RequestOptions.DEFAULT);
     } catch (IOException e) {
-      log.error(
-          String.format(
-              "ERROR: Failed to get task status for %s:%d. See stacktrace for a more detailed error:",
-              nodeId, taskId));
+      log.error("ERROR: Failed to get task status: ", e);
       e.printStackTrace();
     }
     return Optional.empty();

diff --git a/...uth-servlet-impl/src/main/java/com/datahub/auth/authentication/AuthServiceController.java b/...uth-servlet-impl/src/main/java/com/datahub/auth/authentication/AuthServiceController.java
@@ -123,7 +123,7 @@ CompletableFuture<ResponseEntity<String>> generateSessionTokenForUser(
     try {
       bodyJson = mapper.readTree(jsonStr);
     } catch (JsonProcessingException e) {
-      log.error("Failed to parse json while attempting to generate session token {}", jsonStr, e);
+      log.error("Failed to parse json while attempting to generate session token ", e);
       return CompletableFuture.completedFuture(new ResponseEntity<>(HttpStatus.BAD_REQUEST));
     }
     if (bodyJson == null) {
@@ -238,7 +238,7 @@ CompletableFuture<ResponseEntity<String>> signUp(final HttpEntity<String> httpEn
           try {
             Urn inviteTokenUrn = _inviteTokenService.getInviteTokenUrn(inviteTokenString);
             if (!_inviteTokenService.isInviteTokenValid(systemOperationContext, inviteTokenUrn)) {
-              log.error("Invalid invite token {}", inviteTokenString);
+              log.error("Invalid invite token");
               return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
             }
 
@@ -386,7 +386,7 @@ CompletableFuture<ResponseEntity<String>> track(final HttpEntity<String> httpEnt
     try {
       bodyJson = mapper.readTree(jsonStr);
     } catch (JsonProcessingException e) {
-      log.error("Failed to parse json while attempting to track analytics event {}", jsonStr);
+      log.error("Failed to parse json while attempting to track analytics event", e);
       return CompletableFuture.completedFuture(new ResponseEntity<>(HttpStatus.BAD_REQUEST));
     }
     if (bodyJson == null) {

diff --git a/...let/src/main/java/io/datahubproject/openapi/schema/registry/SchemaRegistryController.java b/...let/src/main/java/io/datahubproject/openapi/schema/registry/SchemaRegistryController.java
@@ -307,7 +307,11 @@ public ResponseEntity<RegisterSchemaResponse> register(
             })
         .orElseGet(
             () -> {
-              log.error("Couldn't find topic with name {}.", topicName);
+              if (topicName.matches("^[a-zA-Z0-9._-]+$")) {
+                log.error("Couldn't find topic with name {}.", topicName);
+              } else {
+                log.error("Couldn't find topic (Malformed topic name)");
+              }
               return new ResponseEntity<>(HttpStatus.NOT_FOUND);
             });
   }