spring-boot-migrator icon indicating copy to clipboard operation
spring-boot-migrator copied to clipboard

Published 20 hours ago verified publisher icon spring-projects-experimental

3.0.0-M5: Actuator Endpoints Sanitization

Open fabapp2 opened this issue 3 years ago • 0 comments

From the Release Notes

Since, the /env and /configprops endpoints can contains sensitive values, all values are always masked by default. This used to be case only for keys considered to be sensitive.
Instead, this release opts for a more secure default. The keys-based approach has been removed in favor of a role based approach, similar to the health endpoint details. Whether unsanitized values are shown or not can be configured using a property which can have the following values:
NEVER - All values are sanitized.
ALWAYS - All values are present in the output (sanitizing functions will apply).
WHEN_AUTHORIZED - Values are present in the output only if a user is authorized (sanitizing functions will apply).
For JMX, users are always considered to be authorized. For HTTP, users are considered to be authorized if they are authenticated and have the specified roles.
Sanitization for the QuartzEndpoint is also configurable in the same way.

What needs to be done

As Spring Boot migrator can't tell if non-sanitized properties are required, the best to prevent errors after upgrading to 3.0.0 is to reset the behaviour and inform the user about the change and its implications.

Report

Condition

Application is a Boot 3.0.0 application and actuator dependency is on the classpath

Section

title: Actuator Endpoints Sanitization

paragraph: Since, the /env and /configprops endpoints can contains sensitive values, all values are always masked by default. This used to be case only for keys considered to be sensitive.

Instead, this release opts for a more secure default. The keys-based approach has been removed in favor of a role based approach, similar to the health endpoint details. Whether unsanitized values are shown or not can be configured using a property which can have the following values:

  • NEVER - All values are sanitized.

  • ALWAYS - All values are present in the output (sanitizing functions will apply).

  • WHEN_AUTHORIZED - Values are present in the output only if a user is authorized (sanitizing functions will apply).

For JMX, users are always considered to be authorized. For HTTP, users are considered to be authorized if they are authenticated and have the specified roles.

Sanitization for the QuartzEndpoint is also configurable in the same way.

relevance-paragraph: The scan found a dependency to actuator on the classpath. The Actuator endpoint sanitization changed in Spring Boot 3.0.0. Because Spring Boot Migrator can't tell if the now sanitized properties are required in plain-text, the default in 2.7 will be reset. This means the application does not benefit from the new and more secure configuration in Spring Boot 3.0.0. We strongly recommend you adjust this configuration to your needs.

todos:

  • consult the documentation {Link to relevant section(s) in M5 and current reference}
  • configure Actuator endpoint sanitization to your needs by adjusting management.endpoint.configprops.show-values, management.endpoint.env.show-values and management.endpoint.quartz.show-values.

Recipe

Condition

Application is a Boot 3.0.0 application and actuator dependency is on the classpath

Action

Set the properties management.endpoint.configprops.show-values, management.endpoint.env.show-values and management.endpoint.quartz.show-values to ALWAYS

fabapp2 avatar Sep 27 '22 09:09 fabapp2