stephen-bracken commented on code in PR #62180:
URL: https://github.com/apache/airflow/pull/62180#discussion_r2832506036
##########
airflow-core/src/airflow/models/connection.py:
##########
@@ -224,9 +226,16 @@ def _normalize_conn_type(conn_type):
return conn_type
def _parse_from_uri(self, uri: str):
+ uri_match = RE_SAFE_LOG_URI.search(uri)
+ if uri_match:
+ # Create sanitised uri for logging
+ pwd = uri_match.group(2)
+ safe_log_uri = uri.replace(pwd, "******")
+ else: # Assume no password in URI
+ safe_log_uri = uri
Review Comment:
This would not work in this case, as we are speifically working with
_invalid_ uris, so it is not safe to assume that the password would appear
under the parsed uri's `.password` field. Example:
```
>>> from urllib.parse import urlsplit
>>> url = urlsplit("foo:pwd@host://://")
>>> url.path
'pwd@host://://'
```
the regex matches this correctly:
```
>>> import re
>>> pattern = re.compile(r"(.*://)?(.*):(.*)@(.*?)(://.*?)?(:\d+?)?(\?.*?)?")
>>> m = pattern.search("foo:pwd@host://://")
>>> m.group(3)
'pwd'
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
