From 1b77c60b0a7cc85db26f28addd0f9459520936b3 Mon Sep 17 00:00:00 2001
From: anti.veeranna
Date: Tue, 6 Dec 2011 10:17:40 +0200
Subject: filter potential passwords in connstr before logging it
---
 python/skytools/scripting.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'python/skytools/scripting.py')
diff --git a/python/skytools/scripting.py b/python/skytools/scripting.py
index b0badda9..8bce30fe 100644
--- a/python/skytools/scripting.py
+++ b/python/skytools/scripting.py
@@ -3,7 +3,7 @@
 """
-import sys, os, signal, optparse, time, errno, select
+import sys, os, signal, optparse, time, errno, select, re
 import logging, logging.handlers, logging.config
 import skytools
@@ -712,7 +712,9 @@ class DBScript(BaseScript):
 else:
 if not connstr:
 connstr = self.cf.get(dbname)
- self.log.debug("Connect '%s' to '%s'" % (cache, connstr))
+ # connstr might contain password, it is not a good idea to log it
+ filtered_connstr = re.sub(' password=\S+', ' password=***HIDDEN***', connstr)
+ self.log.debug("Connect '%s' to '%s'" % (cache, filtered_connstr))
 dbc = DBCachedConn(cache, connstr, params['max_age'], setup_func = self.connection_hook)
 self.db_cache[cache] = dbc
-- cgit v1.2.3
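Review bot: The redaction pattern on the new `re.sub` line in the `else:` branch misses several valid libpq connection-string forms, so a password can still reach the debug log. It requires a space before `password=`, so a connstr that begins with the password keyword is logged unfiltered, and `\S+` stops at the first whitespace, so a quoted value such as `password='two words'` (constructed example) is only partly masked; spaces around `=` are not matched either. Something like `filtered_connstr = re.sub(r"\bpassword\s*=\s*(?:'(?:\\.|[^'\\])*'|\S+)", 'password=***HIDDEN***', connstr)` covers those cases and, being a raw string, also avoids the invalid `\S` escape in the current literal. The enclosing method begins and ends outside the hunk, so any other place that may log `connstr` is not visible here and is worth checking.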