Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not log sensitive property value if JsonConfigurator fails to parse (#11787) 

* Do not log property value if JsonConfigurator fails to parse

* Add comment to explain log change

* Fix log language
This commit is contained in:
Kashif Faraz 2021-10-09 09:59:03 +05:30 committed by GitHub
parent b6b42d3936
commit 7352c83e11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/main/java/org/apache/druid/guice/JsonConfigurator.java
View File

@ -100,7 +100,9 @@ public class JsonConfigurator
value = jsonMapper.readValue(modifiedPropValue, Object.class);
}
catch (IOException e) {
log.info(e, "Unable to parse [%s]=[%s] as a json object, using as is.", prop, propValue);
// Do not log exception message or the property value as it might
// expose sensitive information
log.info("Unable to parse value of property [%s] as a json object, using as is.", prop);
value = propValue;
}
hieraricalPutValue(propertyPrefix, prop, prop.substring(propertyBase.length()), value, jsonMap);