Skip to content

Commit

Permalink
Censoring hotfix (move-coop#557)
Browse files Browse the repository at this point in the history
* censor sensitive data in debug log of copy statement

* censoring another logger

* only censor items when present

* censor non-None in unload()
  • Loading branch information
ydamit authored Aug 5, 2021
1 parent 85afda1 commit 8a753e6
Showing 1 changed file with 19 additions and 11 deletions.
30 changes: 19 additions & 11 deletions parsons/databases/redshift/redshift.py
Original file line number Diff line number Diff line change
Expand Up @@ -560,13 +560,18 @@ def copy(self, tbl, table_name, if_exists='fail', max_errors=0, distkey=None,

# Copy from S3 to Redshift
sql = self.copy_statement(table_name, self.s3_temp_bucket, key, **copy_args)
sql_censored = sql.replace(
aws_access_key_id,
'XXXXXXXXXXXX'
).replace(
aws_secret_access_key,
'YYYYYYYYYYYYY'
)
sql_censored = sql
if aws_access_key_id:
sql_censored = sql_censored.replace(
aws_access_key_id,
'XXXXXXXXXXXX'
)
if aws_secret_access_key:
sql_censored = sql_censored.replace(
aws_secret_access_key,
'YYYYYYYYYYYYY'
)

logger.debug(f'Copy SQL command: {sql_censored}')
self.query_with_connection(sql, connection, commit=False)

Expand Down Expand Up @@ -666,15 +671,18 @@ def unload(self, sql, bucket, key_prefix, manifest=True, header=True, delimiter=

logger.info(f'Unloading data to s3://{bucket}/{key_prefix}')
# Censor sensitive data
logger.debug(
statement.replace(
statement_censored = statement
if aws_access_key_id:
statement_censored.replace(
aws_access_key_id,
'XXXXXXXXXXXX'
).replace(
)
if aws_secret_access_key:
statement_censored.replace(
aws_secret_access_key,
'YYYYYYYYYYYYY'
)
)
logger.debug(statement_censored)

return self.query(statement)

Expand Down

0 comments on commit 8a753e6

Please sign in to comment.