Skip to content

[Feature-17398][Task] Avoid leaking sensitive Dinky task logs#18397

Open
qiuyanjun888 wants to merge 3 commits into
apache:devfrom
qiuyanjun888:Feature-17398
Open

[Feature-17398][Task] Avoid leaking sensitive Dinky task logs#18397
qiuyanjun888 wants to merge 3 commits into
apache:devfrom
qiuyanjun888:Feature-17398

Conversation

@qiuyanjun888

Copy link
Copy Markdown
Contributor

Was this PR generated or assisted by AI?

YES. This pull request was assisted by Hermes Agent / OpenAI Codex for code changes, focused tests, documentation updates, and local verification. The scope and final submission were directed by the contributor.

Purpose of the pull request

Fix #17398.

Avoid leaking sensitive Dinky task information in task logs.

This pull request supersedes #18395, which was closed because the original description did not include the AI-assistance declaration required by the current pull request template.

Brief change log

  • Summarize Dinky task parameters instead of logging full task parameter JSON.
  • Summarize local variables by size and keys instead of logging values.
  • Avoid logging full Dinky API success response bodies; log status code and response length only.
  • Sanitize Dinky API error messages before logging or throwing task exceptions.
  • Avoid logging raw malformed Dinky API responses through JSON parse exceptions.
  • Extend SensitiveDataConverter coverage for common sensitive key/value formats.

Verify this pull request

This change added tests and can be verified as follows:

  • ./mvnw -pl dolphinscheduler-task-plugin/dolphinscheduler-task-api,dolphinscheduler-task-plugin/dolphinscheduler-task-dinky -am -DskipUT=false -DskipITs -DskipE2E -Dcheckstyle.skip -Dspotless.check.skip -Djacoco.skip=true -Dsurefire.failIfNoSpecifiedTests=false -Dtest=SensitiveDataConverterTest,DinkyLogSanitizerTest test
  • ./mvnw -pl dolphinscheduler-task-plugin/dolphinscheduler-task-api,dolphinscheduler-task-plugin/dolphinscheduler-task-dinky -am spotless:apply
  • git diff --check

Pull Request Notice

Pull Request Notice

@SbloodyS SbloodyS added the improvement make more easy to user or prompt friendly label Jul 10, 2026
@SbloodyS SbloodyS added this to the 3.5.0 milestone Jul 10, 2026
private static final String KNOWN_SENSITIVE_CONFIGURATION_KEY_REGEX =
"(?:password|access[._-]?key(?:[._-]?(?:id|secret))?|secret[._-]?access[._-]?key|secret[._-]?key)";

private static final Pattern QUOTED_SENSITIVE_CONFIGURATION_PATTERN = Pattern.compile(

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.*? does not distinguish an escaped quote from the actual string terminator.

eg, given valid JSON:

{"password":"abc\"VISIBLE_SUFFIX","bucket":"ds"}

result output:

{"password":"******\"VISIBLE_SUFFIX","bucket":"ds"}

result = mapper.readTree(res);
} catch (JsonProcessingException e) {
log.error("dinky task submit failed with error", e);
log.error("dinky task response parse failed, responseLength: {}, errorType: {}",

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The parse error should fail explicitly.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed by throwing DinkyTaskException when the Dinky response cannot be parsed. The exception only includes the response length and parser exception type, and the regression test verifies explicit failure without exposing sensitive response values.

Verification: ./mvnw -pl dolphinscheduler-task-plugin/dolphinscheduler-task-dinky -Dtest='DinkyLogSanitizerTest#testParseMalformedResponseFailsExplicitlyWithoutExposingRawResponse' clean test passed.

}

@Test
void testParseMalformedResponseReturnsNullWithoutExposingRawResponse() throws Exception {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This only asserts that the return value is null; it does not capture or inspect any log event. The test would also pass with the old implementation even if the raw response were written through the exception log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend improvement make more easy to user or prompt friendly test

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feature][API] Logs support blocking database passwords or sensitive configurations such as S3/OSS access-key and secert-key

2 participants