-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PoC] - prevent leaking of secrets when running validate_dict #2027
base: devel
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for dlt-hub-docs canceled.
|
db97219
to
840832c
Compare
|
||
def obfuscate_string(s: str) -> str: | ||
"""Obfuscates string by replacing some or all characters with asterisks""" | ||
if len(s) < 6: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd consider replacing this magic number with a constant and maybe use a single constant for both this place as well as here:
dlt/dlt/sources/rest_api/__init__.py
Line 449 in c0e4795
def _mask_secret(secret: Optional[str]) -> str: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually I think we can get rid of this mask_secrets code entirely, no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This implementation is nice! I think it would allow us to delete TODO comments, such as here:
dlt/dlt/sources/rest_api/__init__.py
Line 434 in c0e4795
# Here, we assume that OAuth2 and other custom classes that don't implement __get__() |
Just in case you have discussed this already, you could maybe update the discussion here with your results:
#1797
Anton and I argued for the method this PR proposes, Marcin was against it.
@willi-mueller what where the arguments against implementing it this way? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, two important from my point of view to consider:
- Allow the user to disable the obfuscation via a setting in runtime configuration
- Instead of partial masking of the secrets where we leave first and last character, do the total masking as @rudolfix initially suggested.
Description
This change will require the
DictValidationException
to have the full incoming validatable object. We extract all strings from this object and make sure that the error message does not have any of these in clear text.We could probably allow the user to set an env var to disable this obfuscator for development.
Originally the plan was to also do stuff to prevent leakage from the configs, but the
__str__
method of configs currently is not implemented and just returns the default python object identifier. So I don't think there is anything to be done there.