Browse Source

[Improvement][Task] Mask password in task log (#14988)

Signed-off-by: Gallardot <gallardot@apache.org>
Co-authored-by: xiangzihao <460888207@qq.com>
3.2.1-prepare
Gallardot 1 year ago committed by GitHub
parent
commit
2a65590117
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
  2. 63
      dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java

2
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java

@ -102,7 +102,7 @@ public class DataSourceConstants {
* dataSource sensitive param * dataSource sensitive param
*/ */
public static final String DATASOURCE_PASSWORD_REGEX = public static final String DATASOURCE_PASSWORD_REGEX =
"(?<=((?i)password((\":\")|(=')))).*?(?=((\")|(')))"; "(?<=((?i)password((\":\")|(\\\\\":\\\\\")|(=')))).*?(?=((\")|(\\\\\")|(')))";
/** /**
* datasource encryption salt * datasource encryption salt

63
dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java

@ -19,6 +19,8 @@ package org.apache.dolphinscheduler.common.log;
import static org.apache.dolphinscheduler.common.constants.Constants.K8S_CONFIG_REGEX; import static org.apache.dolphinscheduler.common.constants.Constants.K8S_CONFIG_REGEX;
import java.util.HashMap;
import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -28,30 +30,61 @@ public class SensitiveDataConverterTest {
private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class); private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class);
private final String logMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," /**
* mask sensitive logMsg - sql task datasource password
*/
@Test
public void testPwdLogMsgConverter() {
HashMap<String, String> tcs = new HashMap<>();
tcs.put("{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
+ "\"database\":\"carbond\"," + "\"database\":\"carbond\","
+ "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
+ "\"user\":\"view\"," + "\"user\":\"view\","
+ "\"password\":\"view1\"}"; + "\"password\":\"view1\"}",
private final String maskLogMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\"," "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
+ "\"database\":\"carbond\"," + "\"database\":\"carbond\","
+ "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\"," + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
+ "\"user\":\"view\"," + "\"user\":\"view\","
+ "\"password\":\"*****\"}"; + "\"password\":\"*****\"}");
/** tcs.put("End initialize task {\n" +
* mask sensitive logMsg - sql task datasource password " \"resourceParametersHelper\" : {\n" +
*/ " \"resourceMap\" : {\n" +
@Test " \"DATASOURCE\" : {\n" +
public void testPwdLogMsgConverter() { " \"1\" : {\n" +
final String maskedLog = SensitiveDataConverter.maskSensitiveData(logMsg); " \"resourceType\" : \"DATASOURCE\",\n" +
" \"type\" : \"ORACLE\",\n" +
" \"connectionParams\" : \"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"view1\\\"}\",\n" +
" \"DATASOURCE\" : null\n" +
" }\n" +
" }\n" +
" }\n" +
" }\n" +
"}",
"End initialize task {\n" +
" \"resourceParametersHelper\" : {\n" +
" \"resourceMap\" : {\n" +
" \"DATASOURCE\" : {\n" +
" \"1\" : {\n" +
" \"resourceType\" : \"DATASOURCE\",\n" +
" \"type\" : \"ORACLE\",\n" +
" \"connectionParams\" : \"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"*****\\\"}\",\n"
+
" \"DATASOURCE\" : null\n" +
" }\n" +
" }\n" +
" }\n" +
" }\n" +
"}");
for (String logMsg : tcs.keySet()) {
String maskedLog = SensitiveDataConverter.maskSensitiveData(logMsg);
logger.info("original parameter : {}", logMsg); logger.info("original parameter : {}", logMsg);
logger.info("masked parameter : {}", maskedLog); logger.info("masked parameter : {}", maskedLog);
Assertions.assertEquals(tcs.get(logMsg), maskedLog);
Assertions.assertEquals(maskLogMsg, maskedLog); }
} }
@Test @Test

Loading…
Cancel
Save