This is an automated email from the ASF dual-hosted git repository.
laiyingchun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pegasus.git
The following commit(s) were added to refs/heads/master by this push:
new 13a45ab73 feat(log): Redacted user key-values printed in logs (#1598)
13a45ab73 is described below
commit 13a45ab73fc99b4b87d7683a7cc0d4b67c1ee98f
Author: Samunroyu <[email protected]>
AuthorDate: Wed Oct 18 20:23:57 2023 +0800
feat(log): Redacted user key-values printed in logs (#1598)
https://github.com/apache/incubator-pegasus/issues/1575
User key-values will be redacted if encryption enabled.
---
src/base/pegasus_utils.h | 23 +++++++
src/base/test/redact_sensitive_string_test.cpp | 69 +++++++++++++++++++++
src/geo/lib/geo_client.cpp | 59 +++++++++---------
src/server/hotkey_collector.cpp | 6 +-
src/server/pegasus_server_impl.cpp | 84 +++++++++++++-------------
src/server/pegasus_server_write.cpp | 4 +-
src/server/pegasus_write_service_impl.h | 14 ++---
src/server/rocksdb_wrapper.cpp | 12 ++--
8 files changed, 183 insertions(+), 88 deletions(-)
diff --git a/src/base/pegasus_utils.h b/src/base/pegasus_utils.h
index b52120968..20c65b926 100644
--- a/src/base/pegasus_utils.h
+++ b/src/base/pegasus_utils.h
@@ -28,8 +28,11 @@
#include <string>
#include <vector>
+#include "utils/flags.h"
#include "utils/string_view.h"
+DSN_DECLARE_bool(encrypt_data_at_rest);
+
namespace dsn {
class rpc_address;
} // namespace dsn
@@ -40,6 +43,7 @@ namespace utils {
// it's seconds since 2016.01.01-00:00:00 GMT
const uint32_t epoch_begin = 1451606400;
inline uint32_t epoch_now() { return time(nullptr) - epoch_begin; }
+const static std::string kRedactedString = "<redacted>";
// extract "host" from rpc_address
void addr2host(const ::dsn::rpc_address &addr, char *str, int len);
@@ -97,6 +101,15 @@ std::string c_escape_string(const T &src, bool
always_escape = false)
return s;
}
+template <class T>
+std::string c_escape_sensitive_string(const T &src, bool always_escape = false)
+{
+ if (FLAGS_encrypt_data_at_rest) {
+ return kRedactedString;
+ }
+ return c_escape_string(src, always_escape);
+}
+
// ----------------------------------------------------------------------
// c_unescape_string()
// Copies 'src' to 'dest', unescaping '0xFF'-style escape sequences to
@@ -106,6 +119,16 @@ std::string c_escape_string(const T &src, bool
always_escape = false)
// ----------------------------------------------------------------------
int c_unescape_string(const std::string &src, std::string &dest);
+template <class T>
+const std::string &redact_sensitive_string(const T &src)
+{
+ if (FLAGS_encrypt_data_at_rest) {
+ return kRedactedString;
+ } else {
+ return src;
+ }
+}
+
inline dsn::string_view to_string_view(rocksdb::Slice s) { return {s.data(),
s.size()}; }
inline rocksdb::Slice to_rocksdb_slice(dsn::string_view s) { return {s.data(),
s.size()}; }
diff --git a/src/base/test/redact_sensitive_string_test.cpp
b/src/base/test/redact_sensitive_string_test.cpp
new file mode 100644
index 000000000..d0bbcd7c6
--- /dev/null
+++ b/src/base/test/redact_sensitive_string_test.cpp
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// IWYU pragma: no_include <gtest/gtest-message.h>
+// IWYU pragma: no_include <gtest/gtest-test-part.h>
+#include <gtest/gtest.h>
+#include <string>
+
+#include "base/pegasus_utils.h"
+
+const std::string test_string = "pegasus";
+
+TEST(pegasus_utils, redact_sensitive_string)
+{
+ FLAGS_encrypt_data_at_rest = true;
+ auto result_string = pegasus::utils::redact_sensitive_string(test_string);
+ ASSERT_EQ(pegasus::utils::kRedactedString, result_string);
+}
+
+TEST(pegasus_utils, redact_sensitive_string_with_encrypt)
+{
+ FLAGS_encrypt_data_at_rest = false;
+ auto result_string = pegasus::utils::redact_sensitive_string(test_string);
+ ASSERT_EQ("pegasus", result_string);
+}
+
+TEST(pegasus_utils, c_escape_sensitive_string_with_no_encrypt_and_escape)
+{
+ FLAGS_encrypt_data_at_rest = false;
+ auto result_string =
pegasus::utils::c_escape_sensitive_string(test_string, false);
+ ASSERT_EQ("pegasus", result_string);
+}
+
+TEST(pegasus_utils, c_escape_sensitive_string_with_no_encrypt)
+{
+ FLAGS_encrypt_data_at_rest = false;
+ auto result_string =
pegasus::utils::c_escape_sensitive_string(test_string, true);
+ ASSERT_EQ("\\x70\\x65\\x67\\x61\\x73\\x75\\x73", result_string);
+}
+
+TEST(pegasus_utils, c_escape_sensitive_string_with_encrypt)
+{
+ FLAGS_encrypt_data_at_rest = true;
+ auto result_string =
pegasus::utils::c_escape_sensitive_string(test_string, false);
+ ASSERT_EQ(pegasus::utils::kRedactedString, result_string);
+}
+
+TEST(pegasus_utils, c_escape_sensitive_string_with_encrypt_and_escape)
+{
+ FLAGS_encrypt_data_at_rest = true;
+ auto result_string =
pegasus::utils::c_escape_sensitive_string(test_string, true);
+ ASSERT_EQ(pegasus::utils::kRedactedString, result_string);
+}
diff --git a/src/geo/lib/geo_client.cpp b/src/geo/lib/geo_client.cpp
index 0d4927695..31953fa81 100644
--- a/src/geo/lib/geo_client.cpp
+++ b/src/geo/lib/geo_client.cpp
@@ -138,8 +138,8 @@ int geo_client::set(const std::string &hash_key,
auto async_set_callback = [&](int ec_, pegasus_client::internal_info
&&info_) {
if (ec_ != PERR_OK) {
LOG_ERROR("set data failed. hash_key={}, sort_key={}, error={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
ret = ec_;
}
@@ -186,8 +186,8 @@ void geo_client::async_set(const std::string &hash_key,
if (ec_ != PERR_OK) {
LOG_ERROR("set {} data failed. hash_key={},
sort_key={}, error={}",
data_type_ == DataType::common ? "common" :
"geo",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
*ret = ec_;
}
@@ -238,8 +238,8 @@ int geo_client::get(const std::string &hash_key,
lng_degrees = lng_degrees_;
} else {
LOG_WARNING("get data failed. hash_key={}, sort_key={}, error={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
}
ret = ec_;
@@ -269,8 +269,8 @@ void geo_client::async_get(const std::string &hash_key,
S2LatLng latlng;
if (!_codec.decode_from_value(value_, latlng)) {
LOG_ERROR("decode_from_value failed. hash_key={}, sort_key={},
value={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
value_);
cb(PERR_GEO_DECODE_VALUE_ERROR, id, 0, 0);
return;
@@ -290,8 +290,8 @@ int geo_client::del(const std::string &hash_key,
auto async_del_callback = [&](int ec_, pegasus_client::internal_info
&&info_) {
if (ec_ != PERR_OK) {
LOG_ERROR("del data failed. hash_key={}, sort_key={}, error={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
ret = ec_;
}
@@ -358,8 +358,8 @@ void geo_client::async_del(const std::string &hash_key,
if (ec__ != PERR_OK) {
LOG_ERROR("del {} data failed. hash_key={},
sort_key={}, error={}",
data_type_ == DataType::common ? "common" :
"geo",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
*ret = ec__;
}
@@ -391,8 +391,8 @@ int geo_client::set_geo_data(const std::string &hash_key,
if (ec_ != PERR_OK) {
ret = ec_;
LOG_ERROR("set geo data failed. hash_key={}, sort_key={},
error={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
}
set_completed.notify();
@@ -521,8 +521,8 @@ void geo_client::async_search_radial(const std::string
&hash_key,
](int ec_, std::string &&value_, pegasus_client::internal_info &&)
mutable {
if (ec_ != PERR_OK) {
LOG_ERROR("get failed. hash_key={}, sort_key={}, error={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
get_error_string(ec_));
cb(ec_, {});
return;
@@ -531,8 +531,8 @@ void geo_client::async_search_radial(const std::string
&hash_key,
S2LatLng latlng;
if (!_codec.decode_from_value(value_, latlng)) {
LOG_ERROR("decode_from_value failed. hash_key={}, sort_key={},
value={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
value_);
cb(ec_, {});
return;
@@ -726,8 +726,8 @@ bool geo_client::generate_geo_keys(const std::string
&hash_key,
S2LatLng latlng;
if (!_codec.decode_from_value(value, latlng)) {
LOG_ERROR("decode_from_value failed. hash_key={}, sort_key={},
value={}",
- hash_key,
- sort_key,
+ utils::redact_sensitive_string(hash_key),
+ utils::redact_sensitive_string(sort_key),
value);
return false;
}
@@ -919,7 +919,8 @@ void
geo_client::do_scan(pegasus_client::pegasus_scanner_wrapper scanner_wrapper
if (distance <= S2Earth::ToMeters(cap_ptr->radius())) {
std::string origin_hash_key, origin_sort_key;
if (!restore_origin_keys(geo_sort_key, origin_hash_key,
origin_sort_key)) {
- LOG_ERROR("restore_origin_keys failed. geo_sort_key={}",
geo_sort_key);
+ LOG_ERROR("restore_origin_keys failed. geo_sort_key={}",
+ utils::redact_sensitive_string(geo_sort_key));
cb();
return;
}
@@ -955,10 +956,10 @@ int geo_client::distance(const std::string &hash_key1,
LOG_ERROR(
"get distance failed. hash_key1={}, sort_key1={},
hash_key2={}, sort_key2={}, "
"error={}",
- hash_key1,
- sort_key1,
- hash_key2,
- sort_key2,
+ utils::redact_sensitive_string(hash_key1),
+ utils::redact_sensitive_string(sort_key1),
+ utils::redact_sensitive_string(hash_key2),
+ utils::redact_sensitive_string(sort_key2),
get_error_string(ec_));
ret = ec_;
}
@@ -988,10 +989,10 @@ void geo_client::async_distance(const std::string
&hash_key1,
if (ec_ != PERR_OK) {
LOG_ERROR("get data failed. hash_key1={}, sort_key1={},
hash_key2={}, sort_key2={}, "
"error={}",
- hash_key1,
- sort_key1,
- hash_key2,
- sort_key2,
+ utils::redact_sensitive_string(hash_key1),
+ utils::redact_sensitive_string(sort_key1),
+ utils::redact_sensitive_string(hash_key2),
+ utils::redact_sensitive_string(sort_key2),
get_error_string(ec_));
*ret = ec_;
}
diff --git a/src/server/hotkey_collector.cpp b/src/server/hotkey_collector.cpp
index 0574652f2..026851e2b 100644
--- a/src/server/hotkey_collector.cpp
+++ b/src/server/hotkey_collector.cpp
@@ -196,7 +196,7 @@ inline void hotkey_collector::change_state_by_result()
if (!_result.hot_hash_key.empty()) {
change_state_to_finished();
LOG_ERROR_PREFIX("Find the hotkey: {}",
-
pegasus::utils::c_escape_string(_result.hot_hash_key));
+
pegasus::utils::c_escape_sensitive_string(_result.hot_hash_key));
}
break;
default:
@@ -277,7 +277,7 @@ void
hotkey_collector::on_start_detect(dsn::replication::detect_hotkey_response
hint = fmt::format("{} hotkey result has been found: {}, you can send
a stop rpc to "
"restart hotkey detection",
dsn::enum_to_string(_hotkey_type),
-
pegasus::utils::c_escape_string(_result.hot_hash_key));
+
pegasus::utils::c_escape_sensitive_string(_result.hot_hash_key));
break;
case hotkey_collector_state::STOPPED:
change_state_to_coarse_detecting();
@@ -314,7 +314,7 @@ void
hotkey_collector::query_result(dsn::replication::detect_hotkey_response &re
LOG_INFO_PREFIX(hint);
} else {
resp.err = dsn::ERR_OK;
-
resp.__set_hotkey_result(pegasus::utils::c_escape_string(_result.hot_hash_key));
+
resp.__set_hotkey_result(pegasus::utils::c_escape_sensitive_string(_result.hot_hash_key));
}
}
diff --git a/src/server/pegasus_server_impl.cpp
b/src/server/pegasus_server_impl.cpp
index 9bc325ba9..975effe70 100644
--- a/src/server/pegasus_server_impl.cpp
+++ b/src/server/pegasus_server_impl.cpp
@@ -369,8 +369,8 @@ void pegasus_server_impl::on_get(get_rpc rpc)
LOG_ERROR_PREFIX("rocksdb get failed for get from {}: hash_key =
\"{}\", sort_key = "
"\"{}\", error = {}",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(hash_key),
- ::pegasus::utils::c_escape_string(sort_key),
+
::pegasus::utils::c_escape_sensitive_string(hash_key),
+
::pegasus::utils::c_escape_sensitive_string(sort_key),
status.ToString());
} else if (!status.IsNotFound()) {
LOG_ERROR_PREFIX("rocksdb get failed for get from {}: error = {}",
@@ -393,8 +393,8 @@ void pegasus_server_impl::on_get(get_rpc rpc)
"hash_key = {}, sort_key = {}, return = {}, "
"value_size = {}, time_used = {} ns",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(hash_key),
- ::pegasus::utils::c_escape_string(sort_key),
+
::pegasus::utils::c_escape_sensitive_string(hash_key),
+
::pegasus::utils::c_escape_sensitive_string(sort_key),
status.ToString(),
value.size(),
time_used);
@@ -508,17 +508,17 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc)
"sort_key_filter_pattern = \"{}\", final_start = \"{}\"
({}), final_stop = "
"\"{}\" ({})",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(request.hash_key),
- ::pegasus::utils::c_escape_string(request.start_sortkey),
+
::pegasus::utils::c_escape_sensitive_string(request.hash_key),
+
::pegasus::utils::c_escape_sensitive_string(request.start_sortkey),
request.start_inclusive ? "inclusive" : "exclusive",
- ::pegasus::utils::c_escape_string(request.stop_sortkey),
+
::pegasus::utils::c_escape_sensitive_string(request.stop_sortkey),
request.stop_inclusive ? "inclusive" : "exclusive",
::dsn::apps::_filter_type_VALUES_TO_NAMES.find(request.sort_key_filter_type)
->second,
-
::pegasus::utils::c_escape_string(request.sort_key_filter_pattern),
- ::pegasus::utils::c_escape_string(start),
+
::pegasus::utils::c_escape_sensitive_string(request.sort_key_filter_pattern),
+ ::pegasus::utils::c_escape_sensitive_string(start),
start_inclusive ? "inclusive" : "exclusive",
- ::pegasus::utils::c_escape_string(stop),
+ ::pegasus::utils::c_escape_sensitive_string(stop),
stop_inclusive ? "inclusive" : "exclusive");
}
resp.error = rocksdb::Status::kOk;
@@ -685,7 +685,7 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc)
LOG_ERROR_PREFIX("rocksdb scan failed for multi_get from {}:
hash_key = \"{}\", "
"reverse = {}, error = {}",
rpc.remote_address(),
-
::pegasus::utils::c_escape_string(request.hash_key),
+
::pegasus::utils::c_escape_sensitive_string(request.hash_key),
request.reverse ? "true" : "false",
it->status().ToString());
} else {
@@ -730,12 +730,13 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc)
// print log
if (!status.ok()) {
if (FLAGS_rocksdb_verbose_log) {
- LOG_ERROR_PREFIX("rocksdb get failed for multi_get from
{}: hash_key = \"{}\", "
- "sort_key = \"{}\", error = {}",
- rpc.remote_address(),
-
::pegasus::utils::c_escape_string(request.hash_key),
-
::pegasus::utils::c_escape_string(request.sort_keys[i]),
- status.ToString());
+ LOG_ERROR_PREFIX(
+ "rocksdb get failed for multi_get from {}: hash_key =
\"{}\", "
+ "sort_key = \"{}\", error = {}",
+ rpc.remote_address(),
+
::pegasus::utils::c_escape_sensitive_string(request.hash_key),
+
::pegasus::utils::c_escape_sensitive_string(request.sort_keys[i]),
+ status.ToString());
} else if (!status.IsNotFound()) {
LOG_ERROR_PREFIX("rocksdb get failed for multi_get from
{}: error = {}",
rpc.remote_address(),
@@ -803,13 +804,13 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc)
"result_count = {}, result_size = {}, iteration_count = {}, "
"expire_count = {}, filter_count = {}, time_used = {} ns",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(request.hash_key),
- ::pegasus::utils::c_escape_string(request.start_sortkey),
+ ::pegasus::utils::c_escape_sensitive_string(request.hash_key),
+ ::pegasus::utils::c_escape_sensitive_string(request.start_sortkey),
request.start_inclusive ? "inclusive" : "exclusive",
- ::pegasus::utils::c_escape_string(request.stop_sortkey),
+ ::pegasus::utils::c_escape_sensitive_string(request.stop_sortkey),
request.stop_inclusive ? "inclusive" : "exclusive",
::dsn::apps::_filter_type_VALUES_TO_NAMES.find(request.sort_key_filter_type)->second,
- ::pegasus::utils::c_escape_string(request.sort_key_filter_pattern),
+
::pegasus::utils::c_escape_sensitive_string(request.sort_key_filter_pattern),
request.max_kv_count,
request.max_kv_size,
request.reverse ? "true" : "false",
@@ -894,8 +895,8 @@ void pegasus_server_impl::on_batch_get(batch_get_rpc rpc)
LOG_ERROR_PREFIX(
"rocksdb data expired for batch_get from {}, hash_key
= {}, sort_key = {}",
rpc.remote_address().to_string(),
- pegasus::utils::c_escape_string(hash_key),
- pegasus::utils::c_escape_string(sort_key));
+ pegasus::utils::c_escape_sensitive_string(hash_key),
+ pegasus::utils::c_escape_sensitive_string(sort_key));
}
continue;
}
@@ -1011,7 +1012,7 @@ void
pegasus_server_impl::on_sortkey_count(sortkey_count_rpc rpc)
LOG_ERROR_PREFIX(
"rocksdb scan failed for sortkey_count from {}: hash_key =
\"{}\", error = {}",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(hash_key),
+ ::pegasus::utils::c_escape_sensitive_string(hash_key),
it->status().ToString());
} else {
LOG_ERROR_PREFIX("rocksdb scan failed for sortkey_count from {}:
error = {}",
@@ -1071,8 +1072,8 @@ void pegasus_server_impl::on_ttl(ttl_rpc rpc)
LOG_ERROR_PREFIX("rocksdb get failed for ttl from {}: hash_key =
\"{}\", sort_key = "
"\"{}\", error = {}",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(hash_key),
- ::pegasus::utils::c_escape_string(sort_key),
+
::pegasus::utils::c_escape_sensitive_string(hash_key),
+
::pegasus::utils::c_escape_sensitive_string(sort_key),
status.ToString());
} else if (!status.IsNotFound()) {
LOG_ERROR_PREFIX("rocksdb get failed for ttl from {}: error = {}",
@@ -1181,9 +1182,9 @@ void pegasus_server_impl::on_get_scanner(get_scanner_rpc
rpc)
LOG_WARNING_PREFIX("empty key range for get_scanner from {}:
start_key = \"{}\" ({}), "
"stop_key = \"{}\" ({})",
rpc.remote_address(),
-
::pegasus::utils::c_escape_string(request.start_key),
+
::pegasus::utils::c_escape_sensitive_string(request.start_key),
request.start_inclusive ? "inclusive" :
"exclusive",
-
::pegasus::utils::c_escape_string(request.stop_key),
+
::pegasus::utils::c_escape_sensitive_string(request.stop_key),
request.stop_inclusive ? "inclusive" :
"exclusive");
}
resp.error = rocksdb::Status::kOk;
@@ -1288,9 +1289,9 @@ void pegasus_server_impl::on_get_scanner(get_scanner_rpc
rpc)
"({}), stop_key = \"{}\" ({}), batch_size = {},
read_count = {}, "
"error = {}",
rpc.remote_address(),
- ::pegasus::utils::c_escape_string(start),
+
::pegasus::utils::c_escape_sensitive_string(start),
request.start_inclusive ? "inclusive" :
"exclusive",
- ::pegasus::utils::c_escape_string(stop),
+ ::pegasus::utils::c_escape_sensitive_string(stop),
request.stop_inclusive ? "inclusive" :
"exclusive",
batch_count,
count,
@@ -1459,7 +1460,7 @@ void pegasus_server_impl::on_scan(scan_rpc rpc)
"\"{}\" ({}), batch_size = {}, read_count =
{}, error = {}",
rpc.remote_address(),
request.context_id,
- ::pegasus::utils::c_escape_string(stop),
+
::pegasus::utils::c_escape_sensitive_string(stop),
stop_inclusive ? "inclusive" : "exclusive",
batch_count,
count,
@@ -3449,31 +3450,32 @@ std::string
pegasus_server_impl::dump_write_request(dsn::message_ex *request)
::dsn::blob hash_key, sort_key;
pegasus_restore_key(put.key, hash_key, sort_key);
return fmt::format("put: hash_key={}, sort_key={}",
- pegasus::utils::c_escape_string(hash_key),
- pegasus::utils::c_escape_string(sort_key));
+ pegasus::utils::c_escape_sensitive_string(hash_key),
+
pegasus::utils::c_escape_sensitive_string(sort_key));
}
if (rpc_code == dsn::apps::RPC_RRDB_RRDB_MULTI_PUT) {
auto multi_put = multi_put_rpc(request).request();
return fmt::format("multi_put: hash_key={}, multi_put_count={}",
- pegasus::utils::c_escape_string(multi_put.hash_key),
+
pegasus::utils::c_escape_sensitive_string(multi_put.hash_key),
multi_put.kvs.size());
}
if (rpc_code == dsn::apps::RPC_RRDB_RRDB_CHECK_AND_SET) {
auto check_and_set = check_and_set_rpc(request).request();
return fmt::format("check_and_set: hash_key={}, check_sort_key={},
set_sort_key={}",
-
pegasus::utils::c_escape_string(check_and_set.hash_key),
-
pegasus::utils::c_escape_string(check_and_set.check_sort_key),
-
pegasus::utils::c_escape_string(check_and_set.set_sort_key));
+
pegasus::utils::c_escape_sensitive_string(check_and_set.hash_key),
+
pegasus::utils::c_escape_sensitive_string(check_and_set.check_sort_key),
+
pegasus::utils::c_escape_sensitive_string(check_and_set.set_sort_key));
}
if (rpc_code == dsn::apps::RPC_RRDB_RRDB_CHECK_AND_MUTATE) {
auto check_and_mutate = check_and_mutate_rpc(request).request();
- return fmt::format("check_and_mutate: hash_key={}, check_sort_key={},
set_value_count={}",
-
pegasus::utils::c_escape_string(check_and_mutate.hash_key),
-
pegasus::utils::c_escape_string(check_and_mutate.check_sort_key),
- check_and_mutate.mutate_list.size());
+ return fmt::format(
+ "check_and_mutate: hash_key={}, check_sort_key={},
set_value_count={}",
+
pegasus::utils::c_escape_sensitive_string(check_and_mutate.hash_key),
+
pegasus::utils::c_escape_sensitive_string(check_and_mutate.check_sort_key),
+ check_and_mutate.mutate_list.size());
}
return "default";
diff --git a/src/server/pegasus_server_write.cpp
b/src/server/pegasus_server_write.cpp
index 1c6399cc2..b00f016ed 100644
--- a/src/server/pegasus_server_write.cpp
+++ b/src/server/pegasus_server_write.cpp
@@ -172,8 +172,8 @@ void pegasus_server_write::request_key_check(int64_t decree,
"decree: {}, code: {}, hash_key: {}, sort_key: {}",
decree,
msg->local_rpc_code.to_string(),
- utils::c_escape_string(hash_key),
- utils::c_escape_string(sort_key));
+ utils::c_escape_sensitive_string(hash_key),
+ utils::c_escape_sensitive_string(sort_key));
}
}
diff --git a/src/server/pegasus_write_service_impl.h
b/src/server/pegasus_write_service_impl.h
index 69b71c6ba..fa4c44e4a 100644
--- a/src/server/pegasus_write_service_impl.h
+++ b/src/server/pegasus_write_service_impl.h
@@ -217,7 +217,7 @@ public:
LOG_ERROR_PREFIX("incr failed: decree = {}, error = "
"old value \"{}\" is not an integer or
out of range",
decree,
- utils::c_escape_string(old_value));
+
utils::c_escape_sensitive_string(old_value));
resp.error = rocksdb::Status::kInvalidArgument;
// we should write empty record to update rocksdb's last
flushed decree
return empty_put(decree);
@@ -290,8 +290,8 @@ public:
LOG_ERROR_ROCKSDB("Error to GetCheckValue for CheckAndSet decree:
{}, hash_key: {}, "
"check_sort_key: {}",
decree,
- utils::c_escape_string(update.hash_key),
- utils::c_escape_string(update.check_sort_key));
+
utils::c_escape_sensitive_string(update.hash_key),
+
utils::c_escape_sensitive_string(update.check_sort_key));
resp.error = err;
return resp.error;
}
@@ -410,8 +410,8 @@ public:
LOG_ERROR_ROCKSDB("Error to GetCheckValue for CheckAndMutate
decree: {}, hash_key: {}, "
"check_sort_key: {}",
decree,
- utils::c_escape_string(update.hash_key),
- utils::c_escape_string(update.check_sort_key));
+
utils::c_escape_sensitive_string(update.hash_key),
+
utils::c_escape_sensitive_string(update.check_sort_key));
resp.error = err;
return resp.error;
}
@@ -650,7 +650,7 @@ private:
LOG_ERROR_PREFIX("check failed: decree = {}, error = "
"check value \"{}\" is not an integer or out
of range",
decree,
- utils::c_escape_string(value));
+ utils::c_escape_sensitive_string(value));
invalid_argument = true;
return false;
}
@@ -660,7 +660,7 @@ private:
LOG_ERROR_PREFIX("check failed: decree = {}, error = "
"check operand \"{}\" is not an integer or
out of range",
decree,
- utils::c_escape_string(check_operand));
+
utils::c_escape_sensitive_string(check_operand));
invalid_argument = true;
return false;
}
diff --git a/src/server/rocksdb_wrapper.cpp b/src/server/rocksdb_wrapper.cpp
index 59cd199d2..3fe882a42 100644
--- a/src/server/rocksdb_wrapper.cpp
+++ b/src/server/rocksdb_wrapper.cpp
@@ -96,8 +96,8 @@ int rocksdb_wrapper::get(dsn::string_view raw_key, /*out*/
db_get_context *ctx)
LOG_ERROR_ROCKSDB("Get",
s.ToString(),
"hash_key: {}, sort_key: {}",
- utils::c_escape_string(hash_key),
- utils::c_escape_string(sort_key));
+ utils::c_escape_sensitive_string(hash_key),
+ utils::c_escape_sensitive_string(sort_key));
return s.code();
}
@@ -156,8 +156,8 @@ int rocksdb_wrapper::write_batch_put_ctx(const
db_write_context &ctx,
s.ToString(),
"decree: {}, hash_key: {}, sort_key: {}, expire_ts:
{}",
ctx.decree,
- utils::c_escape_string(hash_key),
- utils::c_escape_string(sort_key),
+ utils::c_escape_sensitive_string(hash_key),
+ utils::c_escape_sensitive_string(sort_key),
expire_sec);
}
return s.code();
@@ -203,8 +203,8 @@ int rocksdb_wrapper::write_batch_delete(int64_t decree,
dsn::string_view raw_key
s.ToString(),
"decree: {}, hash_key: {}, sort_key: {}",
decree,
- utils::c_escape_string(hash_key),
- utils::c_escape_string(sort_key));
+ utils::c_escape_sensitive_string(hash_key),
+ utils::c_escape_sensitive_string(sort_key));
}
return s.code();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
