Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Censor write only variables logging and added a new callback to sanitize any logging that would be passed to the existing message_callback #911

Merged
merged 8 commits into from
Jan 6, 2025
Merged

Censor write only variables logging and added a new callback to sanitize any logging that would be passed to the existing message_callback #911

merged 8 commits into from
Jan 6, 2025

Conversation

WilcodenBesten
Copy link
Contributor

@WilcodenBesten WilcodenBesten commented Dec 12, 2024
edited by hikinggrass
Loading

Describe your changes

  1. Added DeviceModel::get_mutability so the mutability of a component variable can be checked before the value change is logged. This prevents write-only varaiables to be logged

Checklist before requesting a review

  • I have performed a self-review of my code
  • [n/a] I have made corresponding changes to the documentation
  • [n/a] If OCPP 2.0.1: I have updated the OCPP 2.0.1 status document
  • I read the contribution documentation and made sure that my changes meet its requirements

@WilcodenBesten
Copy link
Contributor Author

WilcodenBesten commented Dec 12, 2024
edited
Loading

The log line here: https://github.com/EVerest/libocpp/blob/main/lib/ocpp/common/websocket/websocket_libwebsockets.cpp#L996 can still leak secrets as it's not filtered. You could argue that it's debug so that's not needed, but better safe then sorry imo.

Would love to here you're opinion on that.

EDIT: as discussed during call today: remove it

@WilcodenBesten WilcodenBesten force-pushed the sensor-write-only-variables branch 3 times, most recently from d031c56 to 983b199 Compare December 16, 2024 13:25
hikinggrass
hikinggrass requested changes Dec 20, 2024
View reviewed changes
include/ocpp/common/ocpp_logging.hpp Outdated Show resolved Hide resolved
WilcodenBesten and others added 6 commits January 6, 2025 10:04
@WilcodenBesten @marcemmers
Added DeviceModel::get_mutability so the mutability of a component va…
78f4583 
…riable can be checked before the value change is logged. This prevents write-only varaiables to be logged

Signed-off-by: Wilco den Besten <[email protected]>
@WilcodenBesten @marcemmers
Added optional callback to sanitize all logging before being passed t…
f8cd698 
…o the existing message_callback. Can be used to remove secrets from log lines

Signed-off-by: Wilco den Besten <[email protected]>
@WilcodenBesten @marcemmers
Only copy the log string when the callback has been set
1cb1548 
Signed-off-by: Wilco den Besten <[email protected]>
@WilcodenBesten @marcemmers
Also apply the last change to the other function that was changed
74b6ef8 
Signed-off-by: Wilco den Besten <[email protected]>
@WilcodenBesten @marcemmers
Removed log debug that could leak secrets
f9d8308 
Signed-off-by: Wilco den Besten <[email protected]>
@marcemmers
Remove sanitizing of ocpp logging, will be added differently later
91689fe 
Signed-off-by: Marc Emmers <[email protected]>
@marcemmers marcemmers force-pushed the sensor-write-only-variables branch from 983b199 to 91689fe Compare January 6, 2025 09:04
@marcemmers marcemmers requested a review from hikinggrass January 6, 2025 09:06
@marcemmers
Remove unused variable
6b99041 
Signed-off-by: Marc Emmers <[email protected]>
@marcemmers marcemmers merged commit e333c07 into main Jan 6, 2025
8 checks passed
@marcemmers marcemmers deleted the sensor-write-only-variables branch January 6, 2025 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcemmers marcemmers marcemmers left review comments

@hikinggrass hikinggrass hikinggrass approved these changes

@Pietfried Pietfried Awaiting requested review from Pietfried Pietfried is a code owner

@maaikez maaikez Awaiting requested review from maaikez maaikez is a code owner

Assignees

@hikinggrass hikinggrass

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@WilcodenBesten @hikinggrass @marcemmers