Skip to content

Avoid logging MySQL connection configs #1501

Merged
meiji163 merged 2 commits intomasterfrom
alert-autofix-2
Feb 28, 2025
Merged

Avoid logging MySQL connection configs #1501
meiji163 merged 2 commits intomasterfrom
alert-autofix-2

Conversation

@meiji163
Copy link
Contributor

@meiji163 meiji163 commented Feb 28, 2025
edited
Loading

Avoid logging MySQL connection configs.
Fix for https://github.com/github/gh-ost/security/code-scanning/2

meiji163 and others added 2 commits February 28, 2025 10:19
@meiji163 @github-advanced-security
Fix clear-text logging of connection config
5050607 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@meiji163
don't log connection configs
5e2ec1f
@meiji163 meiji163 marked this pull request as ready for review February 28, 2025 18:51
Copilot AI review requested due to automatic review settings February 28, 2025 18:51
Copilot AI reviewed Feb 28, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This pull request addresses a code scanning alert related to clear-text logging of sensitive MySQL connection configurations by removing sensitive data from the error message.

  • Introduces a new error constant, ErrMigrationNotAllowedOnMaster, which avoids logging sensitive connection configuration details.
  • Refactors error handling to utilize the new constant instead of formatting sensitive configuration data into the error message.

Reviewed Changes

File Description
go/logic/migrator.go Defines a new error constant and updates existing error handling to prevent sensitive info logging

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

go/logic/migrator.go:27

  • [nitpick] Consider rephrasing the error message for clarity by using past tense (e.g., 'attempted' instead of 'attempt') to improve grammatical accuracy.
ErrMigrationNotAllowedOnMaster = errors.New("It seems like this migration attempt to run directly on master. Preferably it would be executed on a replica (this reduces load from the master). To proceed please provide --allow-on-master.")

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

@meiji163 meiji163 changed the title Potential fix for code scanning alert no. 2: Clear-text logging of sensitive information Avoid logging MySQL connection configs Feb 28, 2025
@meiji163 meiji163 merged commit 7ea3047 into master Feb 28, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@susanzhang27 susanzhang27 susanzhang27 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@meiji163 @susanzhang27