From d7aff37159af955e3bbd86d8c2da1805bd32c39e Mon Sep 17 00:00:00 2001
From: Ismail Simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Wed, 9 Nov 2022 20:21:25 +0100
Subject: [PATCH 1/6] Avoid logging secrets
---
pom.xml | 2 +-
python/debezium/__init__.py | 13 +++++++++++--
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 3c7d2abf..87a8d903 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
pom
- 0.1.0-SNAPSHOT
+ 0.3.0-SNAPSHOT
UTF-8
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index c0771f9e..c31954bc 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -1,5 +1,4 @@
import argparse
-import jnius_config
import logging
import os
import sys
@@ -7,6 +6,8 @@
import threading
from pathlib import Path
+import jnius_config
+
log = logging.getLogger(name="debezium")
log.setLevel(logging.INFO)
handler = logging.StreamHandler(sys.stdout)
@@ -63,12 +64,20 @@ def java_home(self, java_home: str):
os.environ["JAVA_HOME"] = java_home
log.info("JAVA_HOME set to %s" % java_home)
+ def __sanitize(self, jvm_option: str):
+ if any(x not in jvm_option.lower() for x in ('pwd', 'password', 'secret', 'apikey', 'apitoken')):
+ head, sep, tail = jvm_option.partition('=')
+ return head + '=*****'
+ else:
+ return jvm_option
+
# pylint: disable=no-name-in-module
def run(self, *args: str):
try:
jnius_config.add_options(*args)
- log.info("Configured jvm options:%s" % jnius_config.get_options())
+ __jvm_options: list = [self.__sanitize(p) for p in jnius_config.get_options()]
+ log.info("Configured jvm options:%s" % __jvm_options)
from jnius import autoclass
DebeziumServer = autoclass('io.debezium.server.Main')
From 3e9339e3e38e7ee2c59631bcc36dea93f83eb32b Mon Sep 17 00:00:00 2001
From: Ismail Simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Wed, 9 Nov 2022 21:27:05 +0100
Subject: [PATCH 2/6] Avoid logging secrets
---
python/debezium/__init__.py | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index c31954bc..2bf8668b 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -64,7 +64,16 @@ def java_home(self, java_home: str):
os.environ["JAVA_HOME"] = java_home
log.info("JAVA_HOME set to %s" % java_home)
- def __sanitize(self, jvm_option: str):
+ def _sanitize(self, jvm_option: str):
+ """Sanitizes jvm argument like `my.property.secret=xyz` if it contains secret.
+ >>> dbz = Debezium()
+ >>> dbz._sanitize("source.pwd=pswd")
+ 'source.pwd=*****'
+ >>> dbz._sanitize("source.password=pswd")
+ 'source.password=*****'
+ >>> dbz._sanitize("source.secret=pswd")
+ 'source.secret=*****'
+ """
if any(x not in jvm_option.lower() for x in ('pwd', 'password', 'secret', 'apikey', 'apitoken')):
head, sep, tail = jvm_option.partition('=')
return head + '=*****'
@@ -76,7 +85,7 @@ def run(self, *args: str):
try:
jnius_config.add_options(*args)
- __jvm_options: list = [self.__sanitize(p) for p in jnius_config.get_options()]
+ __jvm_options: list = [self._sanitize(p) for p in jnius_config.get_options()]
log.info("Configured jvm options:%s" % __jvm_options)
from jnius import autoclass
From 2a1461489794265e34745018f1bda8ef392a13db Mon Sep 17 00:00:00 2001
From: Ismail Simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Wed, 9 Nov 2022 22:05:27 +0100
Subject: [PATCH 3/6] Avoid logging secrets
---
python/debezium/__init__.py | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index 2bf8668b..9414cbac 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -74,7 +74,7 @@ def _sanitize(self, jvm_option: str):
>>> dbz._sanitize("source.secret=pswd")
'source.secret=*****'
"""
- if any(x not in jvm_option.lower() for x in ('pwd', 'password', 'secret', 'apikey', 'apitoken')):
+ if any(x in jvm_option.lower() for x in ['pwd', 'password', 'secret', 'apikey', 'apitoken']):
head, sep, tail = jvm_option.partition('=')
return head + '=*****'
else:
@@ -82,6 +82,16 @@ def _sanitize(self, jvm_option: str):
# pylint: disable=no-name-in-module
def run(self, *args: str):
+ """Starts debezium process
+ >>> log.addHandler(logging.StreamHandler(sys.stdout))
+ >>> dbz = Debezium() #doctest:+ELLIPSIS
+ VM Classpath...
+ >>> try:
+ ... dbz.run(*["source.pwd=pswd","source.password=pswd","abc.xyz=123"]) #doctest:+IGNORE_EXCEPTION_DETAIL
+ ... except Exception as e:
+ ... pass
+ Configured jvm options:['source.pwd=*****', 'source.password=*****', 'abc.xyz=123']
+ """
try:
jnius_config.add_options(*args)
From 6843a6ba52a764320743f9c835bc1e391d624d30 Mon Sep 17 00:00:00 2001
From: Ismail Simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Wed, 9 Nov 2022 22:06:42 +0100
Subject: [PATCH 4/6] Avoid logging secrets
---
python/debezium/__init__.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index 9414cbac..a106353b 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -91,6 +91,10 @@ def run(self, *args: str):
... except Exception as e:
... pass
Configured jvm options:['source.pwd=*****', 'source.password=*****', 'abc.xyz=123']
+ >>> dbz.run(*["source.pwd=pswd","source.password=pswd","abc.xyz=123"]) #doctest:+ELLIPSIS
+ Traceback (most recent call last):
+ ...
+ SystemError: JVM failed to start: -1
"""
try:
From 855fa1ecd3a8ffc9068fe00e1c53309b8aff5992 Mon Sep 17 00:00:00 2001
From: Ismail Simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Wed, 9 Nov 2022 22:11:44 +0100
Subject: [PATCH 5/6] Avoid logging secrets
---
python/debezium/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index a106353b..ae884b65 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -85,7 +85,7 @@ def run(self, *args: str):
"""Starts debezium process
>>> log.addHandler(logging.StreamHandler(sys.stdout))
>>> dbz = Debezium() #doctest:+ELLIPSIS
- VM Classpath...
+ VM Classpath...debezium/*',...debezium/lib/*',...jnius/src']
>>> try:
... dbz.run(*["source.pwd=pswd","source.password=pswd","abc.xyz=123"]) #doctest:+IGNORE_EXCEPTION_DETAIL
... except Exception as e:
From 36939bd3d21753c4299ce8b8b5cc0f159fa3d7ca Mon Sep 17 00:00:00 2001
From: Ismail Simsek <6005685+ismailsimsek@users.noreply.github.com>
Date: Wed, 9 Nov 2022 22:12:14 +0100
Subject: [PATCH 6/6] Avoid logging secrets
---
python/debezium/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/debezium/__init__.py b/python/debezium/__init__.py
index ae884b65..6850733c 100644
--- a/python/debezium/__init__.py
+++ b/python/debezium/__init__.py
@@ -85,7 +85,7 @@ def run(self, *args: str):
"""Starts debezium process
>>> log.addHandler(logging.StreamHandler(sys.stdout))
>>> dbz = Debezium() #doctest:+ELLIPSIS
- VM Classpath...debezium/*',...debezium/lib/*',...jnius/src']
+ VM Classpath...debezium/*',...debezium/lib/*',...debezium/conf',...jnius/src']
>>> try:
... dbz.run(*["source.pwd=pswd","source.password=pswd","abc.xyz=123"]) #doctest:+IGNORE_EXCEPTION_DETAIL
... except Exception as e: