Skip to content

Commit

Permalink
config(ticdc): mask more security query parameter (#9832)
Browse files Browse the repository at this point in the history
close #9831
  • Loading branch information
sdojjy authored Oct 7, 2023
1 parent a68282d commit 4e8db94
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 9 deletions.
23 changes: 14 additions & 9 deletions pkg/util/uri.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,14 +83,16 @@ func MaskSinkURI(uri string) (string, error) {

var sensitiveQueryParameterNames = []string{
"password",
"sasl-password",
"access-key",
"secret-access-key",
"access_token",
"token",
"secret",
"passwd",
"pwd",
"access",
"token",
"secret",
"key",
"signature",
"credential",
"private",
"client",
}

// MaskSensitiveDataInURI returns an uri that sensitive infos has been masked.
Expand All @@ -101,9 +103,12 @@ func MaskSensitiveDataInURI(uri string) string {
return ""
}
queries := uriParsed.Query()
for _, secretKey := range sensitiveQueryParameterNames {
if queries.Has(secretKey) {
queries.Set(secretKey, "xxxxx")
for key := range queries {
lower := strings.ToLower(key)
for _, secretKey := range sensitiveQueryParameterNames {
if strings.Contains(lower, secretKey) {
queries.Set(key, "xxxxx")
}
}
}
uriParsed.RawQuery = queries.Encode()
Expand Down
12 changes: 12 additions & 0 deletions pkg/util/uri_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,18 @@ func TestMaskSensitiveDataInURI(t *testing.T) {
"mysql://root:[email protected]:3306/?time-zone=c",
"mysql://root:[email protected]:3306/?time-zone=c",
},
{
"mysql://root:[email protected]:3306/?access_key=c",
"mysql://root:[email protected]:3306/?access_key=xxxxx",
},
{
"mysql://root:[email protected]:3306/?secret_access_key=c",
"mysql://root:[email protected]:3306/?secret_access_key=xxxxx",
},
{
"mysql://root:[email protected]:3306/?client_secret=c",
"mysql://root:[email protected]:3306/?client_secret=xxxxx",
},
{
"",
"",
Expand Down

0 comments on commit 4e8db94

Please sign in to comment.