You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2019/12/14 06:33:00 UTC
[jira] [Commented] (AIRFLOW-6254) obscure conn extra in logs
[ https://issues.apache.org/jira/browse/AIRFLOW-6254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16996211#comment-16996211 ]
ASF GitHub Bot commented on AIRFLOW-6254:
-----------------------------------------
dstandish commented on pull request #6817: [AIRFLOW-6254] obscure conn extra in logs
URL: https://github.com/apache/airflow/pull/6817
### Jira
- [x] My PR addresses the following [Airflow Jira](https://issues.apache.org/jira/browse/AIRFLOW-6254)
- https://issues.apache.org/jira/browse/AIRFLOW-6254
### Description
- [x] Here are some details about my PR, including screenshots of any UI changes:
When BaseHook.get_connection is called, it calls conn.log_info() on the returned conn object.
This is prints to log the full contents of conn.extra.
This is problematic because there can be sensitive information in conn.extra.
The present change resolves this by adding method conn.log_info which obscures extra, and calling that in get_connection instead of debug_info.
The debug_info method itself is left unchanged.
### Tests
- [x] My PR adds the following unit tests __OR__ does not need testing for this extremely good reason:
Insignificant change, no new functionality
### Commits
- [x] My commits all reference Jira issues in their subject lines, and I have squashed multiple commits if they address the same issue. In addition, my commits follow the guidelines from "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)":
1. Subject is separated from body by a blank line
1. Subject is limited to 50 characters (not including Jira issue reference)
1. Subject does not end with a period
1. Subject uses the imperative mood ("add", not "adding")
1. Body wraps at 72 characters
1. Body explains "what" and "why", not "how"
### Documentation
- [x] In case of new functionality, my PR adds documentation that describes how to use it.
- All the public functions and the classes in the PR contain docstrings that explain what it does
- If you implement backwards incompatible changes, please leave a note in the [Updating.md](https://github.com/apache/airflow/blob/master/UPDATING.md) so we can assign it to a appropriate release
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> obscure conn extra in logs
> --------------------------
>
> Key: AIRFLOW-6254
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6254
> Project: Apache Airflow
> Issue Type: Bug
> Components: core
> Affects Versions: 1.10.6
> Reporter: Daniel Standish
> Assignee: Daniel Standish
> Priority: Major
> Fix For: 1.10.7
>
>
> When {{BaseHook.get_connection}} is called, it calls {{conn.log_info()}} on the returned {{conn}} object.
> This is prints to log the full contents of {{conn.extra}}.
> This is problematic because there can be sensitive information in {{conn.extra}}.
> The present change resolves this by adding method {{conn.log_info}} which obscures {{extra}}, and calling that in {{get_connection}} instead of {{debug_info}}.
> The {{debug_info}} method itself is left unchanged.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)