[jira] [Created] (AIRFLOW-6348) security - cli.py is currently printing logs with password if you use cli to add connection with conn_password

[t oo (Jira)]

t oo created AIRFLOW-6348:
-----------------------------

             Summary: security - cli.py is currently printing logs with 
password if you use cli to add connection with conn_password
                 Key: AIRFLOW-6348
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-6348
             Project: Apache Airflow
          Issue Type: Bug
          Components: cli
    Affects Versions: 1.10.6
            Reporter: t oo


cli.py is currently printing logs with password if you use cli to add 
connection with conn_password.

example log is being printed (this is issue if you have a auto-logforwarder 
like splunk)

Successfully added `conn_id`=query_hive : 
hive_cli://user:cleartextpassw@host:10000/default

 

relevant code doing the printing:

with db.create_session() as session:
if not (session.query(Connection)
.filter(Connection.conn_id == new_conn.conn_id).first()):
session.add(new_conn)
msg = '\n\tSuccessfully added `conn_id`=\{conn_id} : \{uri}\n'
msg = msg.format(conn_id=new_conn.conn_id,
uri=args.conn_uri or
urlunparse((args.conn_type,
'\{login}:\{password}@\{host}:\{port}'
.format(login=args.conn_login or '',
password=args.conn_password or '',
host=args.conn_host or '',
port=args.conn_port or ''),
args.conn_schema or '', '', '', '')))

 

[https://github.com/apache/airflow/blob/v1-10-stable/airflow/bin/cli.py#L1325]

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)