Caideyipi commented on PR #17981: URL: https://github.com/apache/iotdb/pull/17981#issuecomment-4737774858
I found two issues that still look worth fixing: 1. `PipeSinkSubtaskManager` now restores the raw `attributeSortedString` into the internal `taskID`, which is needed for compatibility, but the same raw string is also passed into `PipeSinkSubtask` and later returned by `getAttributeSortedString()`. That value is used as the metrics `Tag.NAME` in `PipeDataRegionSinkMetrics` and `PipeSchemaRegionSinkMetrics`, so secrets such as `sink.scp.password=...` or `sink.ssl.trust-store-pwd=...` can still be exposed through metric labels. Please keep the raw id only for internal map/executor keys, and use the display/sanitized attribute string for metric labels. 2. `PipeSubtaskExecutor#getSafeSubtaskStr` is still used on the `SUBTASK_NOT_REGISTERED` fallback paths and only masks `password=...`. With the raw sink `taskID`, this can still log sensitive keys covered by `PipeParameters.ValueHider`, for example `ssl.trust-store-pwd`. It would be better to reuse the same hiding rule as `ValueHider`, or avoid logging raw ids in those fallback paths. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
