Home Explore Help
Register Sign In
HarrisonT
/
DataCenterCDC-DS
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[Improvement][Task] Mask password in task log (#14988)

Signed-off-by: Gallardot <gallardot@apache.org>
Co-authored-by: xiangzihao <460888207@qq.com>
Gallardot 1 year ago
parent
629fced9ef
commit
2a65590117
2 changed files with 53 additions and 20 deletions
Unified View Show Diff Stats
  1. 1 1
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
  2. 52 19
      dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java

+ 1 - 1
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/DataSourceConstants.java
View File 

@@ -102,7 +102,7 @@ public class DataSourceConstants {
 
      * dataSource sensitive param
 
      * dataSource sensitive param
 
      */
 
      */
 
     public static final String DATASOURCE_PASSWORD_REGEX =
 
     public static final String DATASOURCE_PASSWORD_REGEX =
 
-            "(?<=((?i)password((\":\")|(=')))).*?(?=((\")|(')))";
 
+            "(?<=((?i)password((\":\")|(\\\\\":\\\\\")|(=')))).*?(?=((\")|(\\\\\")|(')))";
 
 
 
     /**
 
     /**
 
      * datasource encryption salt
 
      * datasource encryption salt

+ 52 - 19
dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java
View File 

@@ -19,6 +19,8 @@ package org.apache.dolphinscheduler.common.log;
 
 
 
 import static org.apache.dolphinscheduler.common.constants.Constants.K8S_CONFIG_REGEX;
 
 import static org.apache.dolphinscheduler.common.constants.Constants.K8S_CONFIG_REGEX;
 
 
 
+import java.util.HashMap;
 
+
 
 import org.junit.jupiter.api.Assertions;
 
 import org.junit.jupiter.api.Assertions;
 
 import org.junit.jupiter.api.Test;
 
 import org.junit.jupiter.api.Test;
 
 import org.slf4j.Logger;
 
 import org.slf4j.Logger;
 
@@ -28,30 +30,61 @@ public class SensitiveDataConverterTest {
 
 
 
     private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class);
 
     private final Logger logger = LoggerFactory.getLogger(SensitiveDataConverterTest.class);
 
 
 
-    private final String logMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
 
-            + "\"database\":\"carbond\","
 
-            + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
 
-            + "\"user\":\"view\","
 
-            + "\"password\":\"view1\"}";
 
-
 
-    private final String maskLogMsg = "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
 
-            + "\"database\":\"carbond\","
 
-            + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
 
-            + "\"user\":\"view\","
 
-            + "\"password\":\"*****\"}";
 
-
 
     /**
 
     /**
 
      * mask sensitive logMsg - sql task datasource password
 
      * mask sensitive logMsg - sql task datasource password
 
      */
 
      */
 
     @Test
 
     @Test
 
     public void testPwdLogMsgConverter() {
 
     public void testPwdLogMsgConverter() {
 
-        final String maskedLog = SensitiveDataConverter.maskSensitiveData(logMsg);
 
-
 
-        logger.info("original parameter : {}", logMsg);
 
-        logger.info("masked parameter : {}", maskedLog);
 
-
 
-        Assertions.assertEquals(maskLogMsg, maskedLog);
 
-
 
+        HashMap<String, String> tcs = new HashMap<>();
 
+        tcs.put("{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
 
+                + "\"database\":\"carbond\","
 
+                + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
 
+                + "\"user\":\"view\","
 
+                + "\"password\":\"view1\"}",
 
+
 
+                "{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
 
+                        + "\"database\":\"carbond\","
 
+                        + "\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
 
+                        + "\"user\":\"view\","
 
+                        + "\"password\":\"*****\"}");
 
+
 
+        tcs.put("End initialize task {\n" +
 
+                "  \"resourceParametersHelper\" : {\n" +
 
+                "    \"resourceMap\" : {\n" +
 
+                "      \"DATASOURCE\" : {\n" +
 
+                "        \"1\" : {\n" +
 
+                "          \"resourceType\" : \"DATASOURCE\",\n" +
 
+                "          \"type\" : \"ORACLE\",\n" +
 
+                "          \"connectionParams\" : \"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"view1\\\"}\",\n" +
 
+                "          \"DATASOURCE\" : null\n" +
 
+                "        }\n" +
 
+                "      }\n" +
 
+                "    }\n" +
 
+                "  }\n" +
 
+                "}",
 
+
 
+                "End initialize task {\n" +
 
+                        "  \"resourceParametersHelper\" : {\n" +
 
+                        "    \"resourceMap\" : {\n" +
 
+                        "      \"DATASOURCE\" : {\n" +
 
+                        "        \"1\" : {\n" +
 
+                        "          \"resourceType\" : \"DATASOURCE\",\n" +
 
+                        "          \"type\" : \"ORACLE\",\n" +
 
+                        "          \"connectionParams\" : \"{\\\"user\\\":\\\"user\\\",\\\"password\\\":\\\"*****\\\"}\",\n"
 
+                        +
 
+                        "          \"DATASOURCE\" : null\n" +
 
+                        "        }\n" +
 
+                        "      }\n" +
 
+                        "    }\n" +
 
+                        "  }\n" +
 
+                        "}");
 
+
 
+        for (String logMsg : tcs.keySet()) {
 
+            String maskedLog = SensitiveDataConverter.maskSensitiveData(logMsg);
 
+            logger.info("original parameter : {}", logMsg);
 
+            logger.info("masked parameter : {}", maskedLog);
 
+            Assertions.assertEquals(tcs.get(logMsg), maskedLog);
 
+        }
 
     }
 
     }
 
 
 
     @Test
 
     @Test