Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
-
Prepare an import source whose path contains secret query parameters, for example:
s3://bucket/path?access-key=AKIA_TEST&secret-access-key=SECRET_TEST&session-token=TOKEN_TEST
-
Trigger any outward-facing pkg/importsdk error that wraps source=%s, for example:
- call
importsdk.NewImportSDK(...) with an unsupported storage scheme, or
- call
CreateSchemasAndTables on a source containing an invalid schema file such as CREATE TABLE t1 (id INT,);
-
Observe the returned error string.
2. What did you expect to see? (Required)
The returned error should redact sensitive query parameters in the source path, for example:
source=s3://bucket/path?access-key=xxxxxx&secret-access-key=xxxxxx&session-token=xxxxxx
3. What did you see instead (Required)
pkg/importsdk returned outward-facing errors containing the raw source path, so access-key, secret-access-key, and session-token were leaked in the source= fragment of the error message.
4. What is your TiDB version? (Required)
master (a83fcdb232)
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
Prepare an import source whose path contains secret query parameters, for example:
Trigger any outward-facing
pkg/importsdkerror that wrapssource=%s, for example:importsdk.NewImportSDK(...)with an unsupported storage scheme, orCreateSchemasAndTableson a source containing an invalid schema file such asCREATE TABLE t1 (id INT,);Observe the returned error string.
2. What did you expect to see? (Required)
The returned error should redact sensitive query parameters in the source path, for example:
3. What did you see instead (Required)
pkg/importsdkreturned outward-facing errors containing the raw source path, soaccess-key,secret-access-key, andsession-tokenwere leaked in thesource=fragment of the error message.4. What is your TiDB version? (Required)
master (
a83fcdb232)