Copilot commented on code in PR #63066:
URL: https://github.com/apache/doris/pull/63066#discussion_r3206201428
##########
fe/fe-core/src/main/java/org/apache/doris/service/FrontendServiceImpl.java:
##########
@@ -2079,6 +2079,12 @@ private void rollbackTxnImpl(TRollbackTxnRequest
request) throws UserException {
TxnCommitAttachment.fromThrift(request.getTxnCommitAttachment()), tableList);
}
+ private void checkTokenOrThrow(String token) throws
AuthenticationException {
+ if (!checkToken(token)) {
+ throw new AuthenticationException("Invalid token");
+ }
+ }
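Review bot: checkTokenOrThrow() carries no comment saying that the exception message is deliberately a fixed string with no token value in it, so a later edit could append the token for debugging and put a credential into error output. Add a one-line comment above the method stating that the message must stay constant, for example "// Never include the token value in this message". Also confirm that checkToken(token) returns false rather than throwing when token is null, since the helper passes its argument straight through without a null check.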
Review Comment:
Now that token validation is centralized in checkTokenOrThrow(), there are
still earlier code paths in this class (e.g., loadTxnBeginImpl and
loadTxnPreCommitImpl) that do their own validation and include the raw token in
the AuthenticationException message ("Invalid token: <token>"). That leaks a
credential into error messages/logs and also creates inconsistent behavior
across stream-load stages. Consider switching those sites to use
checkTokenOrThrow() (or otherwise remove the token from the message) for
consistency and to avoid exposing secrets.