Re: [PR] Pipe: Mask sensitive attributes in sink subtask display strings [iotdb]

Thu, 21 May 2026 18:55:31 -0700 


Caideyipi commented on PR #17737:
URL: https://github.com/apache/iotdb/pull/17737#issuecomment-4514268790

   Medium: 
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/agent/task/subtask/sink/PipeSinkSubtaskManager.java:123
 now writes
       the masked display string into the sink runtime environment and subtask 
ID/tag path, but iotdb-core/datanode/src/main/java/org/
       apache/iotdb/db/pipe/metric/sink/PipeDataRegionSinkMetrics.java:200 
still keys compressionTimerMap only by
       sink.getAttributeSortedString(), and the sinks look timers up only by 
that same string (iotdb-core/datanode/src/main/java/org/apache/
       
iotdb/db/pipe/sink/protocol/thrift/async/IoTDBDataRegionAsyncSink.java:512, 
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/
       pipe/sink/protocol/thrift/sync/IoTDBDataRegionSyncSink.java:596, 
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/
       protocol/airgap/IoTDBDataRegionAirGapSink.java:604). That means two 
active sinks that differ only in masked fields like password,
       scp.password, or ssl.trust-store-pwd will create separate subtasks but 
share one compression-timer entry; when either subtask is
       removed, 
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/metric/sink/PipeDataRegionSinkMetrics.java:389
 removes that
       shared key. Result: PIPE_COMPRESSION_TIME attribution becomes wrong, and 
a live sink can lose its timer mapping.
     - Low: 
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/agent/task/subtask/sink/PipeSinkSubtaskManager.java:200
 still returns
       the raw canonical attribute string, and its failure paths still append 
that raw string directly into exceptions (iotdb-core/datanode/
       
src/main/java/org/apache/iotdb/db/pipe/agent/task/subtask/sink/PipeSinkSubtaskManager.java:209,
 iotdb-core/datanode/src/main/java/
       
org/apache/iotdb/db/pipe/agent/task/subtask/sink/PipeSinkSubtaskManager.java:237,
 iotdb-core/datanode/src/main/java/org/apache/iotdb/
       db/pipe/agent/task/subtask/sink/PipeSinkSubtaskManager.java:261). So if 
those exceptions are logged, the secret is still exposed on
       error paths.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to