Correctly mask the DSN in logs when the password is empty

spreaker · Dec 11, 2018 · b1b899e · b1b899e
1 parent 702cdde
commit b1b899e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # Changelog
 
+- [BUGFIX] Correctly mask the DSN in logs when the password is empty
+
 ### 2.0.0 (2018-12-05)
 - [BREAKING CHANGE] Renamed `pgbouncer_stats_queries_total` to `pgbouncer_stats_requests_total` on pgbouncer <= 1.7
 - [FEATURE] Added pgbouncer >= 1.8 support [#8](https://github.com/spreaker/prometheus-pgbouncer-exporter/pull/8) (thanks to [bitglue](https://github.com/bitglue)), including the following new metrics:

diff --git a/prometheus_pgbouncer_exporter/config.py b/prometheus_pgbouncer_exporter/config.py
@@ -7,7 +7,7 @@
 ENV_VAR_REPLACER_PATTERN = re.compile(r'\$\(([^\)]+)\)')
 
 # Define the regex used to mask the password in the DSN
-DSN_PASSWORD_MASK_PATTERN = re.compile(r'^(.*:)([^@]+)(@.*)$')
+DSN_PASSWORD_MASK_PATTERN = re.compile(r'^(.*:)([^@]*)(@.*)$')
 
 
 class Config():

diff --git a/tests/test_config.py b/tests/test_config.py
@@ -153,6 +153,14 @@ def testValidateShouldPassOnTwoPgbouncersWithDifferentExtraLabels(self):
 
 class TestPgbouncerConfig(unittest.TestCase):
 
+    def testGetDsnWithMaskedPasswordShouldReturnDsnWithThreeAsterisksInsteadOfThePassword(self):
+        config = PgbouncerConfig({"dsn": "postgresql://pgbouncer:secret@localhost:6431/pgbouncer"})
+        self.assertEqual(config.getDsnWithMaskedPassword(), "postgresql://pgbouncer:***@localhost:6431/pgbouncer")
+
+    def testGetDsnWithMaskedPasswordShouldWorkEvenIfThePasswordIsEmpty(self):
+        config = PgbouncerConfig({"dsn": "postgresql://pgbouncer:@localhost:6431/pgbouncer"})
+        self.assertEqual(config.getDsnWithMaskedPassword(), "postgresql://pgbouncer:***@localhost:6431/pgbouncer")
+
     def testValidateShouldPassOnConfigContainingOnlyDsn(self):
         config = PgbouncerConfig({"dsn": "postgresql://"})
         config.validate()