diff --git a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java index b525d23ba7..d9afab2c47 100644 --- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java +++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java @@ -102,7 +102,7 @@ public class DataSourceConstants { * dataSource sensitive param */ public static final String DATASOURCE_PASSWORD_REGEX = - "(?<=((?i)password((\":\")|(=')))).*?(?=((\")|(')))"; + "(?<=((?i)password((\":\")|(\\\\\":\\\\\")|(=')))).*?(?=((\")|(\\\\\")|(')))"; /** * datasource encryption salt diff --git a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java index 17dcaf6274..c641c296b8 100644 --- a/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java +++ b/dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java @@ -19,6 +19,8 @@ package org.apache.dolphinscheduler.common.log; import static org.apache.dolphinscheduler.common.constants.Constants.K8S_CONFIG_REGEX; +import java.util.HashMap; + import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.slf4j.Logger; @@ -28,30 +30,61 @@ public class SensitiveDataConverterTest { private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class); - private final String logMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," - + "\"database\":\"carbond\"," - + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," - + "\"user\":\"view\"," - + "\"password\":\"view1\"}"; - - private final String maskLogMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," - + "\"database\":\"carbond\"," - + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," - + "\"user\":\"view\"," - + "\"password\":\"*****\"}"; - /** * mask sensitive logMsg - sql task datasource password */ @Test public void testPwdLogMsgConverter() { - final String maskedLog = SensitiveDataConverter.maskSensitiveData(logMsg); - - logger.info("original parameter : {}", logMsg); - logger.info("masked parameter : {}", maskedLog); - - Assertions.assertEquals(maskLogMsg, maskedLog); - + HashMap tcs = new HashMap<>(); + tcs.put("{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," + + "\"database\":\"carbond\"," + + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + + "\"user\":\"view\"," + + "\"password\":\"view1\"}", + + "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," + + "\"database\":\"carbond\"," + + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + + "\"user\":\"view\"," + + "\"password\":\"*****\"}"); + + tcs.put("End initialize task {\n" + + " \"resourceParametersHelper\" : {\n" + + " \"resourceMap\" : {\n" + + " \"DATASOURCE\" : {\n" + + " \"1\" : {\n" + + " \"resourceType\" : \"DATASOURCE\",\n" + + " \"type\" : \"ORACLE\",\n" + + " \"connectionParams\" : \"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"view1\\\"}\",\n" + + " \"DATASOURCE\" : null\n" + + " }\n" + + " }\n" + + " }\n" + + " }\n" + + "}", + + "End initialize task {\n" + + " \"resourceParametersHelper\" : {\n" + + " \"resourceMap\" : {\n" + + " \"DATASOURCE\" : {\n" + + " \"1\" : {\n" + + " \"resourceType\" : \"DATASOURCE\",\n" + + " \"type\" : \"ORACLE\",\n" + + " \"connectionParams\" : \"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"*****\\\"}\",\n" + + + " \"DATASOURCE\" : null\n" + + " }\n" + + " }\n" + + " }\n" + + " }\n" + + "}"); + + for (String logMsg : tcs.keySet()) { + String maskedLog = SensitiveDataConverter.maskSensitiveData(logMsg); + logger.info("original parameter : {}", logMsg); + logger.info("masked parameter : {}", maskedLog); + Assertions.assertEquals(tcs.get(logMsg), maskedLog); + } } @Test