This is an automated email from the ASF dual-hosted git repository.
yiguolei pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 56648e0bd65 [Bug](security) BE SingleReplicaCompaction download_files
function exists log print sensitive msg #28929 (#28930)
56648e0bd65 is described below
commit 56648e0bd65937cf2f50779756a283c3e0051b19
Author: Rohit Satardekar <rohitrs1...@yahoo.com>
AuthorDate: Sat Dec 30 18:20:08 2023 +0530
[Bug](security) BE SingleReplicaCompaction download_files function exists
log print sensitive msg #28929 (#28930)
Co-authored-by: Rohit Satardekar <rohitrs1...@gmail.com>
---
be/src/olap/single_replica_compaction.cpp | 18 ++++++++++++------
be/src/olap/single_replica_compaction.h | 1 +
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/be/src/olap/single_replica_compaction.cpp
b/be/src/olap/single_replica_compaction.cpp
index 2a8edb60471..72a0cdfc01c 100644
--- a/be/src/olap/single_replica_compaction.cpp
+++ b/be/src/olap/single_replica_compaction.cpp
@@ -382,7 +382,7 @@ Status SingleReplicaCompaction::_download_files(DataDir*
data_dir,
// then it will try to clone from BE 2, but it will find the file 1
already exist, but file 1 with same
// name may have different versions.
VLOG_DEBUG << "single replica compaction begin to download files, remote
path="
- << remote_url_prefix << " local_path=" << local_path;
+ << _mask_token(remote_url_prefix) << " local_path=" <<
local_path;
RETURN_IF_ERROR(io::global_local_filesystem()->delete_directory(local_path));
RETURN_IF_ERROR(io::global_local_filesystem()->create_directory(local_path));
@@ -442,11 +442,11 @@ Status SingleReplicaCompaction::_download_files(DataDir*
data_dir,
std::string local_file_path = local_path + file_name;
- LOG(INFO) << "single replica compaction begin to download file from: "
<< remote_file_url
- << " to: " << local_file_path << ". size(B): " << file_size
- << ", timeout(s): " << estimate_timeout;
+ LOG(INFO) << "single replica compaction begin to download file from: "
+ << _mask_token(remote_file_url) << " to: " << local_file_path
+ << ". size(B): " << file_size << ", timeout(s): " <<
estimate_timeout;
- auto download_cb = [&remote_file_url, estimate_timeout,
&local_file_path,
+ auto download_cb = [this, &remote_file_url, estimate_timeout,
&local_file_path,
file_size](HttpClient* client) {
RETURN_IF_ERROR(client->init(remote_file_url));
client->set_timeout_ms(estimate_timeout * 1000);
@@ -456,7 +456,8 @@ Status SingleReplicaCompaction::_download_files(DataDir*
data_dir,
uint64_t local_file_size =
std::filesystem::file_size(local_file_path);
if (local_file_size != file_size) {
LOG(WARNING) << "download file length error"
- << ", remote_path=" << remote_file_url << ",
file_size=" << file_size
+ << ", remote_path=" <<
_mask_token(remote_file_url)
+ << ", file_size=" << file_size
<< ", local_file_size=" << local_file_size;
return Status::InternalError("downloaded file size is not
equal");
}
@@ -582,4 +583,9 @@ Status SingleReplicaCompaction::_finish_clone(const string&
clone_dir,
return res;
}
+std::string SingleReplicaCompaction::_mask_token(const std::string& str) {
+ std::regex pattern("token=[\\w|-]+");
+ return regex_replace(str, pattern, "token=******");
+}
+
} // namespace doris
diff --git a/be/src/olap/single_replica_compaction.h
b/be/src/olap/single_replica_compaction.h
index 7ccfe09f7ae..fd35da12645 100644
--- a/be/src/olap/single_replica_compaction.h
+++ b/be/src/olap/single_replica_compaction.h
@@ -60,6 +60,7 @@ private:
const std::string& local_path);
Status _release_snapshot(const std::string& ip, int port, const
std::string& snapshot_path);
Status _finish_clone(const string& clone_dir, const Version& version);
+ std::string _mask_token(const std::string& str);
CompactionType _compaction_type;
DISALLOW_COPY_AND_ASSIGN(SingleReplicaCompaction);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
