Hi, all

There are 2 possible locations where the log may contain sensitive data
(e.g., a password). Taking the Sqoop task as an example:

1. The log output in the `buildCommand()` in `SqoopTask`.

2. The log output in the `createCommandFileIfNotExists(String execCommand,
String commandFile)` in `ShellCommandExecutor`. We need to mask the
sensitive data of `execCommand` here since the `execCommand` will be output
in the log. But this class is shared by multiple task plugins and how to
mask the sensitive data needs to be discussed.

As for me, there are 2 ways to mask the sensitive data:

1. Use a common Utils class to mask the sensitive data of `execCommand` as
below:

`SensitiveUtils.maskSensitiveForExecCommand(execCommand)`

So multiple task plugins (those that use `ShellCommandExecutor`) will use a
common method to mask the sensitive data of `execCommand`.

Note that the command after masking will only be output in the log, so this
method will not affect the actual command executed.

Related PR: https://github.com/apache/dolphinscheduler/pull/11589

2. Refactor the `createCommandFileIfNotExists()` and add a param `String
execCommandMasking`. Also `AbstractCommandExecutor.run(execCommand)` needs
to be refactored to `AbstractCommandExecutor.run(execCommand,
execCommandMasking)`.

By doing this, the processing logic of how to mask the sensitive data can
be done in each task plugin. But this will modify `AbstractCommandExecutor`
and `ShellCommandExecutor`, and many task plugins need to be modified.



So which way do you think is better? Or are there other better ways to do
so?
Any comments or suggestions are welcome!

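Option 1 from the message above, sketched as an added example (not code from the e-mail or from the linked PR): a shared helper masks only the copy of `execCommand` that goes to the log, while the original string is left untouched for execution. The class name, method name, mask string and both regex patterns are assumptions chosen for a Sqoop-style command line, and the sample command is constructed.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ExecCommandMaskingExample {

    private static final String MASK = "******";

    // A secret value may be 'single quoted', "double quoted", or a bare token.
    private static final String VALUE = "(?:'[^']*'|\"[^\"]*\"|[^\\s'\"&;]+)";

    // Assumed patterns: group 1 is the prefix to keep, the value after it is replaced.
    private static final List<Pattern> PATTERNS = List.of(
        // --password <value> or --password=<value>; "--password-file <path>" does not match
        Pattern.compile("(--password(?:\\s+|=))" + VALUE),
        // password=<value> inside a connection string or option list
        Pattern.compile("((?i:password)=)" + VALUE));

    /** Returns a copy of the command that is safe to log; the input is not modified. */
    public static String maskForLog(String execCommand) {
        String masked = execCommand;
        for (Pattern p : PATTERNS) {
            masked = p.matcher(masked).replaceAll("$1" + Matcher.quoteReplacement(MASK));
        }
        return masked;
    }

    public static void main(String[] args) {
        // Constructed sample command, not taken from a real job.
        String execCommand =
            "sqoop import --connect \"jdbc:mysql://db:3306/sales?user=etl&password=s3cr3t\""
            + " --username etl --password 'p@ss word'"
            + " --password-file /user/etl/.pw --table orders";

        String forLog = maskForLog(execCommand);
        System.out.println("logged command: " + forLog);
        // The string handed to the executor still carries the real values.
        System.out.println("original unchanged: " + execCommand.contains("s3cr3t"));
    }
}
```

A shared regex list like this only covers the flag spellings it knows about, which is the trade-off against option 2, where each task plugin supplies its own masked string.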