You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by as...@apache.org on 2021/06/22 13:45:55 UTC
[airflow] 05/38: Ensure that we don't try to mask empty string in
logs (#16057)
This is an automated email from the ASF dual-hosted git repository.
ash pushed a commit to branch v2-1-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit c47171be467fba8a5dee626e7c2e92b41fe1034e
Author: Ash Berlin-Taylor <as...@firemirror.com>
AuthorDate: Tue May 25 19:31:22 2021 +0100
Ensure that we don't try to mask empty string in logs (#16057)
Although `Connection.password` being empty was guarded against, there
are other possible cases (such as an extra field) that wasn't guarded
against, which ended up with this in the logs:
WARNING - ***-***-***-*** ***L***o***g***g***i***n***g*** ***e***r***r***o***r*** ***-***-***-***
Oops!
(cherry picked from commit 8814a59a5bf54dd17aef21eefd0900703330c22c)
---
airflow/utils/log/secrets_masker.py | 2 ++
tests/utils/log/test_secrets_masker.py | 2 ++
2 files changed, 4 insertions(+)
diff --git a/airflow/utils/log/secrets_masker.py b/airflow/utils/log/secrets_masker.py
index 73a2aef..6df8d39 100644
--- a/airflow/utils/log/secrets_masker.py
+++ b/airflow/utils/log/secrets_masker.py
@@ -214,6 +214,8 @@ class SecretsMasker(logging.Filter):
for k, v in secret.items():
self.add_mask(v, k)
elif isinstance(secret, str):
+ if not secret:
+ return
pattern = re.escape(secret)
if pattern not in self.patterns and (not name or should_hide_value_for_key(name)):
self.patterns.add(pattern)
diff --git a/tests/utils/log/test_secrets_masker.py b/tests/utils/log/test_secrets_masker.py
index 1146bce..8c88bdd 100644
--- a/tests/utils/log/test_secrets_masker.py
+++ b/tests/utils/log/test_secrets_masker.py
@@ -156,6 +156,8 @@ class TestSecretsMasker:
# When the "sensitive value" is a dict, don't mask anything
# (Or should this be mask _everything_ under it ?
("api_key", {"other": "innoent"}, set()),
+ (None, {"password": ""}, set()),
+ (None, "", set()),
],
)
def test_mask_secret(self, name, value, expected_mask):