Skip to content

Commit

Permalink
Don't log connection-uri on connection failure (#192)
Browse files Browse the repository at this point in the history
An aggressive fix for #189
It simply replaces a non-empty string entirely, to avoid the difficulties
in parsing the uri and removing only the password.
  • Loading branch information
whenceforth authored Oct 21, 2020
1 parent 2fb0c90 commit ae15dec
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 3 deletions.
11 changes: 9 additions & 2 deletions src/migratus/utils.clj
Original file line number Diff line number Diff line change
Expand Up @@ -87,11 +87,18 @@
[^String s]
(str/replace s "\\" "/"))

(defn censor-password
"Show only first character of password if given db-spec has password"
(defmulti censor-password class)

(defmethod censor-password String [uri]
(if (empty? uri)
""
"uri-censored"))

(defmethod censor-password :default
[{:keys [password] :as db-spec}]
(if (empty? password)
db-spec
;; Show only first character of password if given db-spec has password
(assoc db-spec
:password (str (subs password 0 (min 1 (count password)))
"<censored>"))))
4 changes: 3 additions & 1 deletion test/migratus/test/utils.clj
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,6 @@
(is (= "" (censor-password "")))
(is (= {:password nil} (censor-password {:password nil})))
(is (= {:password "1<censored>" :user "user"}
(censor-password {:password "1234" :user "user"}))))
(censor-password {:password "1234" :user "user"})))
(is (= "uri-censored"
(censor-password "jdbc:postgresql://fake.rds.amazonaws.com/capital_thing?user=capital_db&password=thisIsNot123ARealPass"))))

0 comments on commit ae15dec

Please sign in to comment.