避免FE日志打印URL打印明文token。

Signed-off-by: [email protected] Signed-off-by: xyllq999 <[email protected]>
StarRocks · Nov 4, 2024 · 5276f74 · 5276f74
1 parent 7f6af6a
commit 5276f74
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/fe/fe-core/src/main/java/com/starrocks/common/util/Util.java b/fe/fe-core/src/main/java/com/starrocks/common/util/Util.java
@@ -41,6 +41,7 @@
 import com.starrocks.catalog.Type;
 import com.starrocks.common.AnalysisException;
 import com.starrocks.common.TimeoutException;
+import com.starrocks.http.WebUtils;
 import com.starrocks.qe.ConnectContext;
 import com.starrocks.server.GlobalStateMgr;
 import com.starrocks.sql.analyzer.SemanticException;
@@ -64,6 +65,8 @@
 import java.util.Set;
 import java.util.concurrent.ThreadLocalRandom;
 import java.util.function.Predicate;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.zip.Adler32;
 import java.util.zip.DeflaterOutputStream;
 
@@ -74,6 +77,7 @@ public class Util {
     private static final long DEFAULT_EXEC_CMD_TIMEOUT_MS = 600000L;
 
     public static final String AUTO_GENERATED_EXPR_ALIAS_PREFIX = "EXPR$";
+    private static final Pattern TOKEN_PATTERN = Pattern.compile("token=[^&]*");
 
     private static final String[] ORDINAL_SUFFIX =
             new String[] {"th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"};
@@ -321,8 +325,10 @@ public static String getResultForUrl(String urlStr, String encodedAuthInfo, int
                                          int readTimeoutMs) {
         StringBuilder sb = new StringBuilder();
         InputStream stream = null;
+        String safeUrl = urlStr;
         try {
             URL url = new URL(urlStr);
+            safeUrl = WebUtils.sanitizeHttpReqUri(urlStr);
             URLConnection conn = url.openConnection();
             if (encodedAuthInfo != null) {
                 conn.setRequestProperty("Authorization", "Basic " + encodedAuthInfo);
@@ -338,14 +344,14 @@ public static String getResultForUrl(String urlStr, String encodedAuthInfo, int
                 sb.append(line);
             }
         } catch (Exception e) {
-            LOG.warn("failed to get result from url: {}. {}", urlStr, e.getMessage());
+            LOG.warn("failed to get result from url: {}. {}", safeUrl, e.getMessage());
             return null;
         } finally {
             if (stream != null) {
                 try {
                     stream.close();
                 } catch (IOException e) {
-                    LOG.warn("failed to close stream when get result from url: {}", urlStr, e);
+                    LOG.warn("failed to close stream when get result from url: {}", safeUrl, e);
                 }
             }
         }

diff --git a/fe/fe-core/src/main/java/com/starrocks/http/rest/RestBaseAction.java b/fe/fe-core/src/main/java/com/starrocks/http/rest/RestBaseAction.java
@@ -42,11 +42,8 @@
 import com.starrocks.common.Pair;
 import com.starrocks.common.StarRocksHttpException;
 import com.starrocks.common.util.UUIDUtil;
-import com.starrocks.http.ActionController;
-import com.starrocks.http.BaseAction;
-import com.starrocks.http.BaseRequest;
-import com.starrocks.http.BaseResponse;
-import com.starrocks.http.HttpConnectContext;
+import com.starrocks.common.util.Util;
+import com.starrocks.http.*;
 import com.starrocks.privilege.AccessDeniedException;
 import com.starrocks.privilege.AuthorizationMgr;
 import com.starrocks.qe.ConnectContext;
@@ -92,18 +89,20 @@ public RestBaseAction(ActionController controller) {
     @Override
     public void handleRequest(BaseRequest request) {
         BaseResponse response = new BaseResponse();
+        String url = request.getRequest().uri();
         try {
+            url = WebUtils.sanitizeHttpReqUri(request.getRequest().uri());
             execute(request, response);
         } catch (AccessDeniedException accessDeniedException) {
-            LOG.warn("failed to process url: {}", request.getRequest().uri(), accessDeniedException);
+            LOG.warn("failed to process url: {}", url, accessDeniedException);
             response.updateHeader(HttpHeaderNames.WWW_AUTHENTICATE.toString(), "Basic realm=\"\"");
             response.appendContent(new RestBaseResult(getErrorRespWhenUnauthorized(accessDeniedException)).toJson());
             writeResponse(request, response, HttpResponseStatus.UNAUTHORIZED);
         } catch (DdlException e) {
-            LOG.warn("fail to process url: {}", request.getRequest().uri(), e);
+            LOG.warn("fail to process url: {}", url, e);
             sendResult(request, response, new RestBaseResult(e.getMessage()));
         } catch (Exception e) {
-            LOG.warn("fail to process url: {}", request.getRequest().uri(), e);
+            LOG.warn("fail to process url: {}", url, e);
             String msg = e.getMessage();
             if (msg == null) {
                 msg = e.toString();