Passwords in /var/log/yunohost/yunohost-api.log

Hi there. Is it expected to find database passwords in /var/log/yunohost/yunohost-api.log?
Wanted to share the file to report a bug, then went uh-oh, password in there :s

I tried to update Jireafeau and Opensondage via the Yunohost admin UI, it failed, and I saw that in the logs:

2017-03-30 23:01:51,331 INFO yunohost.hook - [479.3] + dbpass=xxx
2017-03-30 23:01:51,333 INFO yunohost.hook - [479.3] + dbuser=opensondage

more logs showing the error:

2017-03-30 23:02:17,771 INFO yunohost.hook - [479.3] + sudo yunohost app setting jirafeau unprotected_uris -v /
2017-03-30 23:02:18,903 INFO yunohost.hook - [479.3] + sudo service php5-fpm restart
2017-03-30 23:02:20,106 INFO yunohost.hook - [479.3] + sudo service nginx reload
2017-03-30 23:02:20,322 WARNING yunohost.hook - [479.3] Job for nginx.service failed. See ‘systemctl status nginx.service’ and ‘journalctl -xn’ for details.
2017-03-30 23:02:20,449 ERROR yunohost.app app_upgrade - [479.3] Unable to upgrade jirafeau
2017-03-30 23:02:20,530 WARNING yunohost.tools tools_upgrade - [479.3] unable to upgrade apps: [Errno 61] No app to upgrade
2017-03-30 23:02:20,531 ERROR moulinette.core translate - unable to retrieve key ‘app_upgrade_failed’ for default locale ‘en’
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/moulinette/core.py”, line 195, in translate
return _load_key(self.locale)
File “/usr/lib/python2.7/dist-packages/moulinette/core.py”, line 192, in _load_key
return value.encode(‘utf-8’).format(*args, **kwargs)
KeyError: ‘app’
2017-03-30 23:02:20,552 ERROR yunohost.tools tools_upgrade - [479.3] app_upgrade_failed
2017-03-30 23:02:20,837 INFO geventwebsocket.handler log_request - 127.0.0.1 - - [2017-03-30 23:02:20] “PUT /upgrade?ignore_packages HTTP/1.1” 200 12254 46.722693

version:

yunohost: 2.5.6
yunohost-admin: 2.5.1
moulinette: 2.5.2
ssowat: 2.6.4

Does that help?
Need anything else?
Thomas.

I also bumped into this after I accidentally published my log file including passwords with yunopaste.

Is there a possibility to change the log level? Would you accept contribution to skip logging this or to add a mechanism to skip logging those lines?

Yes :wink: To be seen what piece of code is actually reponsible for this, but sure

1 Like