Bearer token plaintext in error logs of the worker #9693

Closed
r4zr1 opened this issue Jan 23, 2025 · 1 comment

r4zr1 commented Jan 23, 2025

Description

The bearer token appears in plaintext in the error log of a worker when a connection to a server couldn't be established.

request=request)\nrequests.exceptions.ConnectionError: HTTPConnectionPool(host='opencti-server', port=80): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa65e67b9d0>: Failed to establish a new connection: [Errno 111] Connection refused'))", "taskName": null, "attributes": {"reason": "HTTPConnectionPool(host='opencti-server', port=80): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa65e67b9d0>: Failed to establish a new connection: [Errno 111] Connection refused'))", "headers": "{'User-Agent': 'pycti/6.4.5', 'Authorization': 'Bearer 11111111-2222-3333-4444-3350638cf469'}"}}

Environment

  1. OS (where OpenCTI server runs): k8s (opencti/platform)
  2. OpenCTI version: 6.4.8
  3. env:
    WORKER_LOG_LEVEL: error
@r4zr1 r4zr1 added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jan 23, 2025
@r4zr1 r4zr1 changed the title Bearer token plaintext in error logs of worker Bearer token plaintext in the error logs of the worker Jan 23, 2025
@r4zr1 r4zr1 changed the title Bearer token plaintext in the error logs of the worker Bearer token plaintext in error logs of the worker Jan 23, 2025
@labo-flg labo-flg added security use to identify issue related to security and removed needs triage use to identify issue needing triage from Filigran Product team labels Jan 24, 2025
@labo-flg labo-flg added this to the Bugs backlog milestone Jan 24, 2025
@SouadHadjiat SouadHadjiat self-assigned this Jan 24, 2025
@SouadHadjiat
Member

Fixed by OpenCTI-Platform/client-python#813

@SouadHadjiat SouadHadjiat added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jan 27, 2025
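
A defensive pattern for the leak reported above, as an added example: this is not the change made in OpenCTI-Platform/client-python#813 and not code from pycti. It assumes the standard-library `logging` module; `RedactAuthFilter`, `redact` and `demo` are hypothetical names, and the token in the sample record is constructed.

```python
import io
import logging
import re

REDACTED = "[REDACTED]"
# Credential following an Authorization key, in header or dict-repr form.
_AUTH_RE = re.compile(
    r"(authorization['\"]?\s*[:=]\s*['\"]?(?:bearer|basic)\s+)[^'\"\s,}]+",
    re.IGNORECASE,
)
# Attribute names every LogRecord has; anything else came in through `extra`.
_STANDARD = set(vars(logging.LogRecord("", 0, "", 0, "", (), None)))

def redact(value):
    """Mask Authorization credentials in strings, recursing into containers."""
    if isinstance(value, str):
        return _AUTH_RE.sub(r"\g<1>" + REDACTED, value)
    if isinstance(value, dict):
        return {k: REDACTED if str(k).lower() == "authorization" else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(redact(v) for v in value)
    return value

class RedactAuthFilter(logging.Filter):
    """Hypothetical filter: scrub the message and `extra` fields before output."""
    def filter(self, record):
        # Render msg % args first so credentials passed as arguments are covered.
        record.msg, record.args = redact(record.getMessage()), None
        for key in set(vars(record)) - _STANDARD:
            setattr(record, key, redact(getattr(record, key)))
        return True

def demo():
    """Log a constructed record shaped like the one in the report."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s %(attributes)s"))
    handler.addFilter(RedactAuthFilter())  # on the handler, so child loggers are covered
    log = logging.getLogger("redaction-demo")
    log.propagate = False
    log.addHandler(handler)
    headers = {"User-Agent": "pycti/6.4.5",
               "Authorization": "Bearer 00000000-0000-0000-0000-000000000000"}  # constructed
    log.error("request failed", extra={"attributes": {"headers": str(headers)}})
    log.removeHandler(handler)
    return stream.getvalue()

if __name__ == "__main__":
    print(demo())
```

The filter covers the rendered message and `extra` attributes only; traceback text that a formatter builds from `exc_info` is not rewritten here.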