This is an automated email from the ASF dual-hosted git repository.
mapohl pushed a commit to branch release-1.17
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/release-1.17 by this push:
new 72fbc897772 [FLINK-34499] Configuration#toString hides sensitive values
72fbc897772 is described below
commit 72fbc89777286d9cda46a80231b2db11c21ced0d
Author: Chesnay Schepler <[email protected]>
AuthorDate: Thu Feb 22 18:07:38 2024 +0100
[FLINK-34499] Configuration#toString hides sensitive values
---
.../java/org/apache/flink/configuration/Configuration.java | 9 ++++++++-
.../org/apache/flink/configuration/ConfigurationTest.java | 14 ++++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git
a/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
b/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
index 27fa1b695ea..a12e96bf23b 100644
--- a/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
+++ b/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
@@ -38,6 +38,7 @@ import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.function.BiFunction;
+import java.util.stream.Collectors;
import static org.apache.flink.configuration.ConfigurationUtils.canBePrefixMap;
import static
org.apache.flink.configuration.ConfigurationUtils.containsPrefixMap;
@@ -1005,6 +1006,12 @@ public class Configuration extends
ExecutionConfig.GlobalJobParameters
@Override
public String toString() {
- return this.confData.toString();
+ return ConfigurationUtils.hideSensitiveValues(
+ this.confData.entrySet().stream()
+ .collect(
+ Collectors.toMap(
+ Map.Entry::getKey,
+ entry ->
entry.getValue().toString())))
+ .toString();
}
}
diff --git
a/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
b/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
index 581f3d147cc..506b9ee0570 100644
---
a/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
+++
b/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
@@ -35,6 +35,7 @@ import java.util.stream.Collectors;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -496,6 +497,19 @@ public class ConfigurationTest extends TestLogger {
.doesNotContain("secret_value"));
}
+ @Test
+ public void testToStringDoesNotLeakSensitiveData() {
+ ConfigOption<Map<String, String>> secret =
+ ConfigOptions.key("secret").mapType().noDefaultValue();
+
+ assertTrue(GlobalConfiguration.isSensitive(secret.key()));
+
+ final Configuration cfg = new Configuration();
+ cfg.setString(secret.key(), "secret_value");
+
+ assertThat(cfg.toString(), not(containsString("secret_value")));
+ }
+
//
--------------------------------------------------------------------------------------------
// Test classes
//
--------------------------------------------------------------------------------------------
