From cf25e453e7f34d9f9cbd31c4b46584e7ab041793 Mon Sep 17 00:00:00 2001
From: ismail simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Thu, 10 Nov 2022 21:33:42 +0100
Subject: [PATCH] Avoid logging secrets in jvm arguments (#148)
* Avoid logging secrets
* Avoid logging secrets
* Avoid logging secrets
* Avoid logging secrets
* Avoid logging secrets
* Avoid logging secrets
---
pom.xml | 2 +-
python/debezium/__init__.py | 36 ++++++++++++++++++++++++++++++++++--
2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 3c7d2abf..87a8d903 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
pom
- 0.1.0-SNAPSHOT
+ 0.3.0-SNAPSHOT
UTF-8
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index c0771f9e..6850733c 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -1,5 +1,4 @@
import argparse
-import jnius_config
import logging
import os
import sys
@@ -7,6 +6,8 @@
import threading
from pathlib import Path
+import jnius_config
+
log = logging.getLogger(name="debezium")
log.setLevel(logging.INFO)
handler = logging.StreamHandler(sys.stdout)
@@ -63,12 +64,43 @@ def java_home(self, java_home: str):
os.environ["JAVA_HOME"] = java_home
log.info("JAVA_HOME set to %s" % java_home)
+ def _sanitize(self, jvm_option: str):
+ """Sanitizes jvm argument like `my.property.secret=xyz` if it contains secret.
+ >>> dbz = Debezium()
+ >>> dbz._sanitize("source.pwd=pswd")
+ 'source.pwd=*****'
+ >>> dbz._sanitize("source.password=pswd")
+ 'source.password=*****'
+ >>> dbz._sanitize("source.secret=pswd")
+ 'source.secret=*****'
+ """
+ if any(x in jvm_option.lower() for x in ['pwd', 'password', 'secret', 'apikey', 'apitoken']):
+ head, sep, tail = jvm_option.partition('=')
+ return head + '=*****'
+ else:
+ return jvm_option
+
# pylint: disable=no-name-in-module
def run(self, *args: str):
+ """Starts debezium process
+ >>> log.addHandler(logging.StreamHandler(sys.stdout))
+ >>> dbz = Debezium() #doctest:+ELLIPSIS
+ VM Classpath...debezium/*',...debezium/lib/*',...debezium/conf',...jnius/src']
+ >>> try:
+ ... dbz.run(*["source.pwd=pswd","source.password=pswd","abc.xyz=123"]) #doctest:+IGNORE_EXCEPTION_DETAIL
+ ... except Exception as e:
+ ... pass
+ Configured jvm options:['source.pwd=*****', 'source.password=*****', 'abc.xyz=123']
+ >>> dbz.run(*["source.pwd=pswd","source.password=pswd","abc.xyz=123"]) #doctest:+ELLIPSIS
+ Traceback (most recent call last):
+ ...
+ SystemError: JVM failed to start: -1
+ """
try:
jnius_config.add_options(*args)
- log.info("Configured jvm options:%s" % jnius_config.get_options())
+ __jvm_options: list = [self._sanitize(p) for p in jnius_config.get_options()]
+ log.info("Configured jvm options:%s" % __jvm_options)
from jnius import autoclass
DebeziumServer = autoclass('io.debezium.server.Main')
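Review bot: The keyword list in `_sanitize` is a denylist, so the `log.info` call in `run` still prints in clear any secret-bearing option that contains none of `pwd`, `password`, `secret`, `apikey` or `apitoken`, for example a property named with `token`, `passwd` or `credential`, or a connection URL with embedded credentials. Whether such options reach this code is not visible here, but masking every value by default is safer for a log line: `[p.partition('=')[0] + '=*****' if '=' in p else p for p in jnius_config.get_options()]`, with an allowlist of property names whose values may be shown (the doctest expectation for `abc.xyz=123` would change with it). If the denylist stays, extend it and state in the docstring that the match is a case-insensitive substring test over the whole option, value included. `run` continues past the end of this hunk, so its `except` path should be checked to confirm it does not log the raw arguments either.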