Posted to commits@pinot.apache.org by ap...@apache.org on 2021/11/18 20:37:15 UTC

[pinot] branch master updated: fix obfuscator not capturing secretkey and keytab (#7794)

This is an automated email from the ASF dual-hosted git repository.

apucher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git


The following commit(s) were added to refs/heads/master by this push:
     new 7c695e9  fix obfuscator not capturing secretkey and keytab (#7794)
7c695e9 is described below

commit 7c695e9adc6da23d7373bcea7f80d7ac3cbf22e3
Author: Rong Rong <wa...@gmail.com>
AuthorDate: Thu Nov 18 12:36:59 2021 -0800

    fix obfuscator not capturing secretkey and keytab (#7794)
---
 .../main/java/org/apache/pinot/spi/utils/Obfuscator.java   |  6 ++++--
 .../java/org/apache/pinot/spi/utils/ObfuscatorTest.java    | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/pinot-spi/src/main/java/org/apache/pinot/spi/utils/Obfuscator.java b/pinot-spi/src/main/java/org/apache/pinot/spi/utils/Obfuscator.java
index 35d2494..cd36245 100644
--- a/pinot-spi/src/main/java/org/apache/pinot/spi/utils/Obfuscator.java
+++ b/pinot-spi/src/main/java/org/apache/pinot/spi/utils/Obfuscator.java
@@ -58,7 +58,8 @@ import java.util.stream.Stream;
 public final class Obfuscator {
   private static final String DEFAULT_MASKED_VALUE = "*****";
   private static final List<Pattern> DEFAULT_PATTERNS =
-      Stream.of("(?i).*secret$", "(?i).*password$", "(?i).*token$").map(Pattern::compile).collect(Collectors.toList());
+      Stream.of("(?i).*secret$", "(?i).*secret[\\s_-]*key$", "(?i).*password$", "(?i).*keytab$", "(?i).*token$")
+          .map(Pattern::compile).collect(Collectors.toList());
 
   private final String _maskedValue;
   private final List<Pattern> _patterns;
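Review bot: The new `secret[\\s_-]*key$` entry in DEFAULT_PATTERNS accepts whitespace, underscore and hyphen between the two words but not a dot, so a property-style key such as `a.secret.key` (constructed example) would still be written out unmasked; consider `"(?i).*secret[\\s._-]*key$"`. More generally the list is a name denylist that fails open: a credential-bearing key whose name does not end in one of these five suffixes is emitted in clear. A short comment on the field saying so, and pointing callers with other sensitive key names at the custom-pattern path (the `_patterns` field suggests one exists, but the constructors are outside this hunk), would make that limit visible to whoever logs configs through this class.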
@@ -93,7 +94,8 @@ public final class Obfuscator {
   public JsonNode toJson(Object object) {
     // NOTE: jayway json path 2.4.0 seems to have issues with '@.name' so we'll do this manually
     // as determined by a cursory and purely subjective investigation by alex
-    // "$..[?(@.name =~ /password$/i || @.name =~ /secret$/i || @.name =~ /token$/i)]"
+    // "$..[?(@.name =~ /password$/i || @.name =~ /secret$/i || @.name =~ /secret[\\s_-]*key$/i || @.name =~ /keytab$/i
+    //     || @.name =~ /token$/i)]"
 
     try {
       JsonNode node;
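Review bot: The JSONPath expression in this comment is now a second, hand-maintained copy of DEFAULT_PATTERNS, and the new clause was pasted with its Java string escaping: inside a `/…/` regex literal `[\\s_-]` would read as a backslash plus `s` rather than a whitespace class. Since the expression is never executed, I would replace the two added lines with a pointer such as `// equivalent JSONPath filter: @.name matched against each entry of the configured patterns`, so the next pattern addition cannot leave the comment stale. The body of toJson continues outside the hunk.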
diff --git a/pinot-spi/src/test/java/org/apache/pinot/spi/utils/ObfuscatorTest.java b/pinot-spi/src/test/java/org/apache/pinot/spi/utils/ObfuscatorTest.java
index 8d720a6..7b7f508 100644
--- a/pinot-spi/src/test/java/org/apache/pinot/spi/utils/ObfuscatorTest.java
+++ b/pinot-spi/src/test/java/org/apache/pinot/spi/utils/ObfuscatorTest.java
@@ -48,12 +48,26 @@ public class ObfuscatorTest {
     _map.put("secret", "SECRET");
     _map.put("a.secret", "SECRET");
     _map.put("mysecret", "SECRET");
+    _map.put("mySecret", "SECRET");
     _map.put("password", "SECRET");
     _map.put("a.password", "SECRET");
     _map.put("mypassword", "SECRET");
+    _map.put("myPassword", "SECRET");
+    _map.put("keytab", "SECRET");
+    _map.put("a.keytab", "SECRET");
+    _map.put("mykeytab", "SECRET");
+    _map.put("myKeytab", "SECRET");
     _map.put("token", "SECRET");
     _map.put("a.token", "SECRET");
     _map.put("mytoken", "SECRET");
+    _map.put("myToken", "SECRET");
+
+    _map.put("secretKey", "SECRET");
+    _map.put("secretkey", "SECRET");
+    _map.put("secret_key", "SECRET");
+    _map.put("mysecretKey", "SECRET");
+    _map.put("mySecretKey", "SECRET");
+    _map.put("a.secretKey", "SECRET");
 
     _nestedMap = new HashMap<>();
     _nestedMap.put("value", "VALUE");
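Review bot: The added fixture keys cover only the no-separator and underscore forms of the new secret-key pattern, although the regex also accepts a hyphen and whitespace; `_map.put("secret-key", "SECRET");` would pin that branch. None of the added keys is one that must stay visible, for instance a name that merely contains one of the words mid-name such as `keytabPath` or `tokenType` (constructed examples), so a pattern that masks too much would pass this fixture unnoticed. Whether a negative case already exists elsewhere in the test is not visible here, since the setup method starts and ends outside the hunk.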
