[dolphinscheduler] branch dev updated: [Improvement][Task] Mask password in task log (#14988)

zihaoxiang Sat, 07 Oct 2023 23:54:57 -0700

This is an automated email from the ASF dual-hosted git repository.

zihaoxiang pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git



The following commit(s) were added to refs/heads/dev by this push:
     new 2a65590117 [Improvement][Task] Mask password in task log (#14988)
2a65590117 is described below

commit 2a6559011757267c387174b030444427b1650929
Author: Gallardot <[email protected]>
AuthorDate: Sun Oct 8 14:54:45 2023 +0800

    [Improvement][Task] Mask password in task log (#14988)
    
    Signed-off-by: Gallardot <[email protected]>
    Co-authored-by: xiangzihao <[email protected]>
---
 .../common/constants/DataSourceConstants.java      |  2 +-
 .../common/log/SensitiveDataConverterTest.java     | 71 ++++++++++++++++------
 2 files changed, 53 insertions(+), 20 deletions(-)

diff --git 
a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
 
b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
index b525d23ba7..d9afab2c47 100644
--- 
a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
+++ 
b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
@@ -102,7 +102,7 @@ public class DataSourceConstants {
      * dataSource sensitive param
      */
     public static final String DATASOURCE_PASSWORD_REGEX =
-            "(?<=((?i)password((\":\")|(=')))).*?(?=((\")|(')))";
+            
"(?<=((?i)password((\":\")|(\\\\\":\\\\\")|(=')))).*?(?=((\")|(\\\\\")|(')))";
 
     /**
      * datasource encryption salt
diff --git 
a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java
 
b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java
index 17dcaf6274..c641c296b8 100644
--- 
a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java
+++ 
b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java
@@ -19,6 +19,8 @@ package org.apache.dolphinscheduler.common.log;
 
 import static 
org.apache.dolphinscheduler.common.constants.Constants.K8S_CONFIG_REGEX;
 
+import java.util.HashMap;
+
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.slf4j.Logger;
@@ -28,30 +30,61 @@ public class SensitiveDataConverterTest {
 
     private final Logger logger = 
LoggerFactory.getLogger(SensitiveDataConverterTest.class);
 
-    private final String logMsg = 
"{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
-            + "\"database\":\"carbond\","
-            + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
-            + "\"user\":\"view\","
-            + "\"password\":\"view1\"}";
-
-    private final String maskLogMsg = 
"{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
-            + "\"database\":\"carbond\","
-            + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
-            + "\"user\":\"view\","
-            + "\"password\":\"*****\"}";
-
     /**
      * mask sensitive logMsg - sql task datasource password
      */
     @Test
     public void testPwdLogMsgConverter() {
-        final String maskedLog = 
SensitiveDataConverter.maskSensitiveData(logMsg);
-
-        logger.info("original parameter : {}", logMsg);
-        logger.info("masked parameter : {}", maskedLog);
-
-        Assertions.assertEquals(maskLogMsg, maskedLog);
-
+        HashMap<String, String> tcs = new HashMap<>();
+        tcs.put("{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
+                + "\"database\":\"carbond\","
+                + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
+                + "\"user\":\"view\","
+                + "\"password\":\"view1\"}",
+
+                "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
+                        + "\"database\":\"carbond\","
+                        + 
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
+                        + "\"user\":\"view\","
+                        + "\"password\":\"*****\"}");
+
+        tcs.put("End initialize task {\n" +
+                "  \"resourceParametersHelper\" : {\n" +
+                "    \"resourceMap\" : {\n" +
+                "      \"DATASOURCE\" : {\n" +
+                "        \"1\" : {\n" +
+                "          \"resourceType\" : \"DATASOURCE\",\n" +
+                "          \"type\" : \"ORACLE\",\n" +
+                "          \"connectionParams\" : 
\"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"view1\\\"}\",\n" +
+                "          \"DATASOURCE\" : null\n" +
+                "        }\n" +
+                "      }\n" +
+                "    }\n" +
+                "  }\n" +
+                "}",
+
+                "End initialize task {\n" +
+                        "  \"resourceParametersHelper\" : {\n" +
+                        "    \"resourceMap\" : {\n" +
+                        "      \"DATASOURCE\" : {\n" +
+                        "        \"1\" : {\n" +
+                        "          \"resourceType\" : \"DATASOURCE\",\n" +
+                        "          \"type\" : \"ORACLE\",\n" +
+                        "          \"connectionParams\" : 
\"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"*****\\\"}\",\n"
+                        +
+                        "          \"DATASOURCE\" : null\n" +
+                        "        }\n" +
+                        "      }\n" +
+                        "    }\n" +
+                        "  }\n" +
+                        "}");
+
+        for (String logMsg : tcs.keySet()) {
+            String maskedLog = 
SensitiveDataConverter.maskSensitiveData(logMsg);
+            logger.info("original parameter : {}", logMsg);
+            logger.info("masked parameter : {}", maskedLog);
+            Assertions.assertEquals(tcs.get(logMsg), maskedLog);
+        }
     }
 
     @Test

[dolphinscheduler] branch dev updated: [Improvement][Task] Mask password in task log (#14988)

Reply via email to