3.0.0-M5: Actuator Endpoints Sanitization #445


Closed
Tracked by #440
fabapp2 opened this issue Sep 27, 2022 · 1 comment · Fixed by #570
Labels: 3.0.0 (Spring Boot 3.0.0), good first issue (Good for newcomers), type: enhancement (New feature or request), upgrade:boot-report

Comments

fabapp2 commented Sep 27, 2022

From the Release Notes

Since the /env and /configprops endpoints can contain sensitive values, all values are always masked by default. This used to be the case only for keys considered to be sensitive.

Instead, this release opts for a more secure default. The keys-based approach has been removed in favor of a role-based approach, similar to the health endpoint details. Whether unsanitized values are shown or not can be configured using a property which can have the following values:

  • NEVER - All values are sanitized.

  • ALWAYS - All values are present in the output (sanitizing functions will apply).

  • WHEN_AUTHORIZED - Values are present in the output only if a user is authorized (sanitizing functions will apply).

For JMX, users are always considered to be authorized. For HTTP, users are considered to be authorized if they are authenticated and have the specified roles.

Sanitization for the QuartzEndpoint is also configurable in the same way.

What needs to be done

As Spring Boot Migrator can't tell whether non-sanitized properties are required, the best way to prevent errors after upgrading to 3.0.0 is to reset the behaviour and inform the user about the change and its implications.

Report

Condition

Application is a Boot 3.0.0 application and actuator dependency is on the classpath

Section

title:
Actuator Endpoints Sanitization

paragraph:
Since the /env and /configprops endpoints can contain sensitive values, all values are always masked by default. This used to be the case only for keys considered to be sensitive.

Instead, this release opts for a more secure default. The keys-based approach has been removed in favor of a role-based approach, similar to the health endpoint details. Whether unsanitized values are shown or not can be configured using a property which can have the following values:

  • NEVER - All values are sanitized.

  • ALWAYS - All values are present in the output (sanitizing functions will apply).

  • WHEN_AUTHORIZED - Values are present in the output only if a user is authorized (sanitizing functions will apply).

For JMX, users are always considered to be authorized. For HTTP, users are considered to be authorized if they are authenticated and have the specified roles.

Sanitization for the QuartzEndpoint is also configurable in the same way.

relevance-paragraph:
The scan found a dependency on Actuator on the classpath. The Actuator endpoint sanitization changed in Spring Boot 3.0.0.
Because Spring Boot Migrator can't tell whether the now sanitized properties are required in plain text, the default from 2.7 will be restored. This means the application does not benefit from the new and more secure configuration in Spring Boot 3.0.0.
We strongly recommend that you adjust this configuration to your needs.

todos:

  • consult the documentation {Link to relevant section(s) in M5 and current reference}
  • configure Actuator endpoint sanitization to your needs by adjusting management.endpoint.configprops.show-values, management.endpoint.env.show-values and management.endpoint.quartz.show-values.

Recipe

Condition

Application is a Boot 3.0.0 application and actuator dependency is on the classpath

Action

  • Set the properties management.endpoint.configprops.show-values, management.endpoint.env.show-values and management.endpoint.quartz.show-values to ALWAYS
  • No action, users need to manually configure to their needs
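As an added illustration (not part of the issue or of Spring Boot Migrator's code), the two ends of the spectrum the report asks the user to choose between: the 2.7-compatible reset the recipe would apply, and a hardened Spring Boot 3.0 configuration that uses the role-based approach. It assumes Spring Security is on the classpath and grants an ACTUATOR_ADMIN role (the role name is a placeholder); the `*.roles` properties are Spring Boot 3.0 properties not quoted in the issue.

```properties
# --- (a) What the migrator recipe would write: pre-3.0 behaviour restored ---
# Weak: every /env, /configprops and /quartz value is returned unmasked to
# anyone who can reach the endpoint; only registered SanitizingFunction beans
# still apply. Keep this only as a temporary step during the upgrade.
management.endpoint.env.show-values=ALWAYS
management.endpoint.configprops.show-values=ALWAYS
management.endpoint.quartz.show-values=ALWAYS

# --- (b) Recommended Spring Boot 3.0 configuration (adjust to your needs) ---
# Values are shown only to authenticated HTTP users holding one of the listed
# roles (assumed role name ACTUATOR_ADMIN); everyone else sees masked values.
# Note: over JMX every caller counts as authorized, so WHEN_AUTHORIZED behaves
# like ALWAYS there; keep JMX exposure of these endpoints off if that matters.
management.endpoint.env.show-values=WHEN_AUTHORIZED
management.endpoint.env.roles=ACTUATOR_ADMIN
management.endpoint.configprops.show-values=WHEN_AUTHORIZED
management.endpoint.configprops.roles=ACTUATOR_ADMIN
# Quartz job data maps are rarely needed in plain text: leave them masked.
management.endpoint.quartz.show-values=NEVER

# show-values only controls masking; which endpoints are reachable at all is
# still governed by exposure (and by your security filter chain).
management.endpoints.web.exposure.include=health,info
```

The two sections are shown in one file for comparison only; in a real application.properties a key may appear once, so choose one block.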

@fabapp2 fabapp2 added this to the v0.13.0 milestone Sep 27, 2022
@fabapp2 fabapp2 changed the title Actuator Endpoints Sanitization 3.0.0-M5: Actuator Endpoints Sanitization Sep 27, 2022
@fabapp2 fabapp2 added the good first issue Good for newcomers label Sep 27, 2022
@fabapp2 fabapp2 self-assigned this Nov 22, 2022
@fabapp2 fabapp2 linked a pull request Nov 22, 2022 that will close this issue

fabapp2 commented Nov 30, 2022

Implemented the report section
[image: attached screenshot]
