From 80577ed9f5e0e58b863c9369ba5b59e5b028ada0 Mon Sep 17 00:00:00 2001
From: Bruno Paiva Lima da Silva <64107800+brunos-bq@users.noreply.github.com>
Date: Mon, 6 Nov 2023 13:08:16 -0800
Subject: [PATCH] fix: using masked properties for logging (#723)
---
 .../amazon/jdbc/DriverConnectionProvider.java | 2 +-
 .../GenericTargetDriverDialect.java | 4 ++--
 .../software/amazon/jdbc/util/PropertyUtils.java | 13 ++++++++++++-
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/wrapper/src/main/java/software/amazon/jdbc/DriverConnectionProvider.java b/wrapper/src/main/java/software/amazon/jdbc/DriverConnectionProvider.java
index b1c5b6ca5..c7a832f22 100644
--- a/wrapper/src/main/java/software/amazon/jdbc/DriverConnectionProvider.java
+++ b/wrapper/src/main/java/software/amazon/jdbc/DriverConnectionProvider.java
@@ -119,7 +119,7 @@ public Connection connect(
 final ConnectInfo connectInfo = this.targetDriverDialect.prepareConnectInfo(protocol, hostSpec, copy);
 LOGGER.finest(() -> "Connecting to " + connectInfo.url
- + PropertyUtils.logProperties(connectInfo.props, "\nwith properties: \n"));
+ + PropertyUtils.logProperties(PropertyUtils.maskProperties(connectInfo.props), "\nwith properties: \n"));
 Connection conn = this.driver.connect(connectInfo.url, connectInfo.props);
diff --git a/wrapper/src/main/java/software/amazon/jdbc/targetdriverdialect/GenericTargetDriverDialect.java b/wrapper/src/main/java/software/amazon/jdbc/targetdriverdialect/GenericTargetDriverDialect.java
index 5e84c2590..dcecee90a 100644
--- a/wrapper/src/main/java/software/amazon/jdbc/targetdriverdialect/GenericTargetDriverDialect.java
+++ b/wrapper/src/main/java/software/amazon/jdbc/targetdriverdialect/GenericTargetDriverDialect.java
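Review bot: In the `DriverConnectionProvider.connect` hunk, `connectInfo.url` is still concatenated into the FINEST message as-is; only the properties go through `PropertyUtils.maskProperties`. If the URL returned by `prepareConnectInfo` can carry credentials as query parameters (not visible in this hunk), the password would still reach the log. The `GenericTargetDriverDialect.prepareDataSource` hunk has the same gap, since `props.setProperty("url", finalUrl)` puts the URL into the properties that are then logged and, as far as the visible `maskProperties` lines show, only the `PropertyDefinition.PASSWORD.name` entry is masked. I would either redact credential parameters from the URL before logging or record the assumption next to the call, e.g. `// url is logged unmasked: it must never carry user/password parameters`. The body of `connect` continues outside the hunk.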
@@ -78,8 +78,8 @@ public void prepareDataSource(
 props.setProperty("url", finalUrl);
 PropertyDefinition.removeAllExceptCredentials(props);
-
- LOGGER.finest(() -> PropertyUtils.logProperties(props, "Connecting with properties: \n"));
+ LOGGER.finest(() -> PropertyUtils.logProperties(PropertyUtils.maskProperties(props),
+ "Connecting with properties: \n"));
 if (!props.isEmpty()) {
 PropertyUtils.applyProperties(dataSource, props);
diff --git a/wrapper/src/main/java/software/amazon/jdbc/util/PropertyUtils.java b/wrapper/src/main/java/software/amazon/jdbc/util/PropertyUtils.java
index 91333307c..defd967b7 100644
--- a/wrapper/src/main/java/software/amazon/jdbc/util/PropertyUtils.java
+++ b/wrapper/src/main/java/software/amazon/jdbc/util/PropertyUtils.java
@@ -19,16 +19,22 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Enumeration;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 import java.util.logging.Logger;
 import org.checkerframework.checker.nullness.qual.NonNull;
 import software.amazon.jdbc.PropertyDefinition;
 public class PropertyUtils {
 private static final Logger LOGGER = Logger.getLogger(PropertyUtils.class.getName());
+ private static final Set SECRET_PROPERTIES = Collections.unmodifiableSet(
+ new HashSet<>(Collections.singletonList(PropertyDefinition.PASSWORD.name))
+ );
 public static void applyProperties(final Object target, final Properties properties) {
 if (target == null || properties == null) {
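Review bot: `SECRET_PROPERTIES` in `PropertyUtils` is declared as a raw `Set` as shown here (the type argument may have been lost in rendering); declaring it `private static final Set<String> SECRET_PROPERTIES` keeps the element type checked. The constant also deserves a comment stating its contract, for example `// Names of properties whose values must never be written to logs; add every new credential-bearing property here.` At present it lists only `PropertyDefinition.PASSWORD.name`, so any other secret-carrying property accepted by the wrapper would still be logged in clear by `setPropertyOnTarget`.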
@@ -96,7 +102,8 @@ public static void setPropertyOnTarget(
 } else {
 writeMethod.invoke(target, propValue);
 }
- LOGGER.finest(() -> String.format("Set property '%s' with value: %s", propName, propValue));
+ Object cleanPropValue = isSecretProperty(propName) ? "***" : propValue;
+ LOGGER.finest(() -> String.format("Set property '%s' with value: %s", propName, cleanPropValue));
 } catch (final InvocationTargetException ex) {
 LOGGER.warning(
@@ -127,6 +134,10 @@ public static void setPropertyOnTarget(
 return copy;
 }
+ private static boolean isSecretProperty(final Object propertyKey) {
+ return SECRET_PROPERTIES.contains(propertyKey);
+ }
+
 public static @NonNull Properties maskProperties(final Properties props) {
 final Properties maskedProperties = copyProperties(props);
 if (maskedProperties.containsKey(PropertyDefinition.PASSWORD.name)) {
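Review bot: The redaction added in the `setPropertyOnTarget` hunk relies on `isSecretProperty(propName)`, which is an exact, case-sensitive set lookup. If the setter resolution earlier in this method (outside the hunk) tolerates a differently cased name, such a key would be applied to the target and its value logged unmasked; this is worth confirming and covering with a test. A short comment such as `// never log secret values; isSecretProperty is an exact-match lookup on the property name` would make the dependency explicit. The `LOGGER.warning(` call that starts on the last visible line continues outside the hunk and should be checked for not including `propValue`.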
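Review bot: `isSecretProperty` consults `SECRET_PROPERTIES`, while the `maskProperties` lines visible just below it still test `PropertyDefinition.PASSWORD.name` directly, so the class now holds two definitions of what counts as a secret. A property added to the set later would be hidden in the `setPropertyOnTarget` log line but still printed at the `logProperties(maskProperties(...))` call sites. I would have `maskProperties` iterate the set, e.g. `for (final String key : SECRET_PROPERTIES) { if (maskedProperties.containsKey(key)) { ... } }`, keeping whatever replacement value it already applies. The parameter could also be narrowed to `final String propertyKey` if every caller passes a `String` (the type of `propName` at the one visible call is not shown). `maskProperties` continues outside the hunk.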