(flink) branch release-1.19 updated: [FLINK-34499] Configuration#toString hides sensitive values

Wed, 28 Feb 2024 23:00:26 -0800 

This is an automated email from the ASF dual-hosted git repository.

mapohl pushed a commit to branch release-1.19
in repository https://gitbox.apache.org/repos/asf/flink.git


The following commit(s) were added to refs/heads/release-1.19 by this push:
     new 5016325b6ec [FLINK-34499] Configuration#toString hides sensitive values
5016325b6ec is described below

commit 5016325b6ec930a3f5cd3b186c185e004ede8691
Author: Chesnay Schepler <[email protected]>
AuthorDate: Thu Feb 22 18:07:38 2024 +0100

    [FLINK-34499] Configuration#toString hides sensitive values
---
 .../java/org/apache/flink/configuration/Configuration.java  |  9 ++++++++-
 .../org/apache/flink/configuration/ConfigurationTest.java   | 13 +++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git 
a/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java 
b/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
index d8b06935abc..14f714e345f 100644
--- a/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
+++ b/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
@@ -41,6 +41,7 @@ import java.util.Optional;
 import java.util.Properties;
 import java.util.Set;
 import java.util.function.BiFunction;
+import java.util.stream.Collectors;
 
 import static org.apache.flink.configuration.ConfigurationUtils.canBePrefixMap;
 import static 
org.apache.flink.configuration.ConfigurationUtils.containsPrefixMap;
@@ -1126,6 +1127,12 @@ public class Configuration extends 
ExecutionConfig.GlobalJobParameters
 
     @Override
     public String toString() {
-        return this.confData.toString();
+        return ConfigurationUtils.hideSensitiveValues(
+                        this.confData.entrySet().stream()
+                                .collect(
+                                        Collectors.toMap(
+                                                Map.Entry::getKey,
+                                                entry -> 
entry.getValue().toString())))
+                .toString();
     }
 }
diff --git 
a/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
 
b/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
index e540a3d3738..cd0dedcb5c4 100644
--- 
a/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
+++ 
b/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
@@ -554,6 +554,19 @@ public class ConfigurationTest {
                                         .doesNotContain("secret_value"));
     }
 
+    @TestTemplate
+    void testToStringDoesNotLeakSensitiveData() {
+        ConfigOption<Map<String, String>> secret =
+                ConfigOptions.key("secret").mapType().noDefaultValue();
+
+        
Assertions.assertThat(GlobalConfiguration.isSensitive(secret.key())).isTrue();
+
+        final Configuration cfg = new Configuration(standardYaml);
+        cfg.setString(secret.key(), "secret_value");
+
+        assertThat(cfg.toString()).doesNotContain("secret_value");
+    }
+
     @TestTemplate
     void testGetWithOverrideDefault() {
         final Configuration conf = new Configuration(standardYaml);

Reply via email to