This is an automated email from the ASF dual-hosted git repository. ash pushed a commit to branch v2-1-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit c47171be467fba8a5dee626e7c2e92b41fe1034e Author: Ash Berlin-Taylor <[email protected]> AuthorDate: Tue May 25 19:31:22 2021 +0100 Ensure that we don't try to mask empty string in logs (#16057) Although `Connection.password` being empty was guarded against, there are other possible cases (such as an extra field) that wasn't guarded against, which ended up with this in the logs: WARNING - ***-***-***-*** ***L***o***g***g***i***n***g*** ***e***r***r***o***r*** ***-***-***-*** Oops! (cherry picked from commit 8814a59a5bf54dd17aef21eefd0900703330c22c) --- airflow/utils/log/secrets_masker.py | 2 ++ tests/utils/log/test_secrets_masker.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/airflow/utils/log/secrets_masker.py b/airflow/utils/log/secrets_masker.py index 73a2aef..6df8d39 100644 --- a/airflow/utils/log/secrets_masker.py +++ b/airflow/utils/log/secrets_masker.py @@ -214,6 +214,8 @@ class SecretsMasker(logging.Filter): for k, v in secret.items(): self.add_mask(v, k) elif isinstance(secret, str): + if not secret: + return pattern = re.escape(secret) if pattern not in self.patterns and (not name or should_hide_value_for_key(name)): self.patterns.add(pattern) diff --git a/tests/utils/log/test_secrets_masker.py b/tests/utils/log/test_secrets_masker.py index 1146bce..8c88bdd 100644 --- a/tests/utils/log/test_secrets_masker.py +++ b/tests/utils/log/test_secrets_masker.py @@ -156,6 +156,8 @@ class TestSecretsMasker: # When the "sensitive value" is a dict, don't mask anything # (Or should this be mask _everything_ under it ? ("api_key", {"other": "innoent"}, set()), + (None, {"password": ""}, set()), + (None, "", set()), ], ) def test_mask_secret(self, name, value, expected_mask):
