fix: using masked properties for logging (#723)

aws · Nov 6, 2023 · 80577ed · 80577ed
1 parent e64bdb9
commit 80577ed
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/wrapper/src/main/java/software/amazon/jdbc/DriverConnectionProvider.java b/wrapper/src/main/java/software/amazon/jdbc/DriverConnectionProvider.java
@@ -119,7 +119,7 @@ public Connection connect(
     final ConnectInfo connectInfo = this.targetDriverDialect.prepareConnectInfo(protocol, hostSpec, copy);
 
     LOGGER.finest(() -> "Connecting to " + connectInfo.url
-        + PropertyUtils.logProperties(connectInfo.props, "\nwith properties: \n"));
+        + PropertyUtils.logProperties(PropertyUtils.maskProperties(connectInfo.props), "\nwith properties: \n"));
 
     Connection conn = this.driver.connect(connectInfo.url, connectInfo.props);
 

diff --git a/...er/src/main/java/software/amazon/jdbc/targetdriverdialect/GenericTargetDriverDialect.java b/...er/src/main/java/software/amazon/jdbc/targetdriverdialect/GenericTargetDriverDialect.java
@@ -78,8 +78,8 @@ public void prepareDataSource(
     props.setProperty("url", finalUrl);
 
     PropertyDefinition.removeAllExceptCredentials(props);
-
-    LOGGER.finest(() -> PropertyUtils.logProperties(props, "Connecting with properties: \n"));
+    LOGGER.finest(() -> PropertyUtils.logProperties(PropertyUtils.maskProperties(props),
+        "Connecting with properties: \n"));
 
     if (!props.isEmpty()) {
       PropertyUtils.applyProperties(dataSource, props);

diff --git a/wrapper/src/main/java/software/amazon/jdbc/util/PropertyUtils.java b/wrapper/src/main/java/software/amazon/jdbc/util/PropertyUtils.java
@@ -19,16 +19,22 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Enumeration;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 import java.util.logging.Logger;
 import org.checkerframework.checker.nullness.qual.NonNull;
 import software.amazon.jdbc.PropertyDefinition;
 
 public class PropertyUtils {
   private static final Logger LOGGER = Logger.getLogger(PropertyUtils.class.getName());
+  private static final Set<Object> SECRET_PROPERTIES = Collections.unmodifiableSet(
+      new HashSet<>(Collections.singletonList(PropertyDefinition.PASSWORD.name))
+  );
 
   public static void applyProperties(final Object target, final Properties properties) {
     if (target == null || properties == null) {
@@ -96,7 +102,8 @@ public static void setPropertyOnTarget(
       } else {
         writeMethod.invoke(target, propValue);
       }
-      LOGGER.finest(() -> String.format("Set property '%s' with value: %s", propName, propValue));
+      Object cleanPropValue = isSecretProperty(propName) ? "***" : propValue;
+      LOGGER.finest(() -> String.format("Set property '%s' with value: %s", propName, cleanPropValue));
 
     } catch (final InvocationTargetException ex) {
       LOGGER.warning(
@@ -127,6 +134,10 @@ public static void setPropertyOnTarget(
     return copy;
   }
 
+  private static boolean isSecretProperty(final Object propertyKey) {
+    return SECRET_PROPERTIES.contains(propertyKey);
+  }
+
   public static @NonNull Properties maskProperties(final Properties props) {
     final Properties maskedProperties = copyProperties(props);
     if (maskedProperties.containsKey(PropertyDefinition.PASSWORD.name)) {