prevent property dump in message logs

Author: terrywbrady

src-admintool/config/reports.yml

@@ -120,11 +120,12 @@ producer_files:
   category: files
   description: |
     Producer Files for a Mnemonic.
-s3-list:
-  link-title: S3 Download Links
+daily-build-s3-list:
+  link-title: Daily Build Links
   breadcrumb: bp_content_projects
   class: S3ListQuery
   category: files
+  params: ['daily-build', 'build-log.status.txt']
   description: |
     Generate S3 Download Links for an S3 prefix.
 

src-admintool/queries/s3_list_query.rb

@@ -4,10 +4,8 @@
 
 # Query class - see config/reports.yml for description
 class S3ListQuery < AdminQuery
-  def initialize(query_factory, path, myparams)
+  def initialize(query_factory, path, myparams, rptpath, status_file)
     super(query_factory, path, myparams)
-    rptpath = myparams.fetch('rptpath', 'daily-build')
-    status_file = myparams.fetch('status-file', '')
     @report = "merritt-reports/#{rptpath}"
     @files = []
     @status = 'SKIP'
@@ -21,7 +19,7 @@ def initialize(query_factory, path, myparams)
         @status = resp.body.read.chop
       end
     rescue StandardError
-      LambdaBase.log_config(config, "#{@report}/#{status_file} does not exist")
+      LambdaBase.log_config(@config, "#{@report}/#{status_file} does not exist")
     end
 
     resp = @s3_client.list_objects_v2({
@@ -49,4 +47,4 @@ def run_sql
   def init_status
     :PASS
   end
-end
+end

src-admintool/web/index.html

@@ -81,7 +81,7 @@ <h3>Bytes Recently Ingested</h3>
 
       <h3>Daily Build Output</h3>
       <ul>
-      <li class="graph"><a href="{{ADMINTOOL_HOME}}?path=s3-list&rptpath=daily-build&status-file=build-log.status.txt">Daily Build</a></li>
+      <li class="graph"><a href="{{ADMINTOOL_HOME}}?path=daily-build-s3-list">Daily Build</a></li>
       </ul>
 
       <h3>Object Management</h3>

src-common/lambda_base.rb

@@ -44,6 +44,13 @@ def initialize(config, event = {}, client_context = {})
     read_cognito_token(event)
   end
 
+  # exception message strings were including a dump of object properties
+  # this was leaking data to opersearch.
+  # this prevents any object (including MySql2::Client) from dumping properties
+  def inspect
+    "#{self.class} (property listing suppressed)"
+  end
+
   def read_cognito_token(event)
     cognito_token = event.fetch('headers', {}).fetch('x-amzn-oidc-accesstoken', '')
     if cognito_token.empty?
@@ -337,3 +344,12 @@ def self.log(message)
     log_config({}, message)
   end
 end
+
+# prevent logging credentials to opensearch
+class Object
+  def inspect
+    def inspect
+      "#{self.class} (property listing suppressed)"
+    end
+  end
+end

src-common/template/navmenu.html

@@ -24,7 +24,7 @@
         <a class="graph" href="{{ADMINTOOL_HOME}}?path=ingest_bytes_by_hour&days=30">Recent Bytes ingested by day - last 30 days</a>
         <a class="graph" href="{{ADMINTOOL_HOME}}?path=ingest_bytes_by_week">Recent Bytes ingested by week - last year</a>
         <a class="graph" href="{{ADMINTOOL_HOME}}?path=list_collections">List Collections</a>
-        <a class="graph" href="{{ADMINTOOL_HOME}}?path=s3-list&rptpath=daily-build&status-file=build-log.status.txt">Daily Build Output</a>
+        <a class="graph" href="{{ADMINTOOL_HOME}}?path=daily-build-s3-list">Daily Build Output</a>
       </div>
     </div>
     <div class="dropdown">