github.com/pingcap/tiflow@v0.0.0-20240520035814-5bf52d54e205/pkg/logutil/sensitive_test.go (about) 1 // Copyright 2022 PingCAP, Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // See the License for the specific language governing permissions and 12 // limitations under the License. 13 14 package logutil 15 16 import ( 17 "crypto/rand" 18 "fmt" 19 "testing" 20 21 "github.com/pingcap/tiflow/dm/pkg/encrypt" 22 "github.com/pingcap/tiflow/dm/pkg/utils" 23 "github.com/stretchr/testify/require" 24 ) 25 26 func TestHideSensitive(t *testing.T) { 27 key := make([]byte, 32) 28 _, err := rand.Read(key) 29 require.NoError(t, err) 30 31 t.Cleanup(func() { 32 encrypt.InitCipher(nil) 33 }) 34 encrypt.InitCipher(key) 35 encryptedPass, err := utils.Encrypt("this is password") 36 require.NoError(t, err) 37 38 strs := []struct { 39 old string 40 new string 41 }{ 42 { // operate source 43 fmt.Sprintf(`from:\n host: 127.0.0.1\n user: root\n password: '%s'\n port: 3306\n`, encryptedPass), 44 `from:\n host: 127.0.0.1\n user: root\n password: ******\n port: 3306\n`, 45 }, { // operate source empty password 46 `from:\n host: 127.0.0.1\n user: root\n password: \n port: 3306\n`, 47 `from:\n host: 127.0.0.1\n user: root\n password: ******\n port: 3306\n`, 48 }, { // start task 49 fmt.Sprintf(`\n\ntarget-database:\n host: \"127.0.0.1\"\n port: 4000\n user: \"test\"\n password: \"%s\"\n\nmysql-instances:\n - source-id: \"mysql-replica-01\"\n`, encryptedPass), 50 `\n\ntarget-database:\n host: \"127.0.0.1\"\n port: 4000\n user: \"test\"\n password: \"******\"\n\nmysql-instances:\n - source-id: \"mysql-replica-01\"\n`, 51 }, { // start task empty passowrd 52 `\n\ntarget-database:\n host: \"127.0.0.1\"\n port: 4000\n user: \"test\"\n password: \"\"\n\nmysql-instances:\n - source-id: \"mysql-replica-01\"\n`, 53 `\n\ntarget-database:\n host: \"127.0.0.1\"\n port: 4000\n user: \"test\"\n password: \"******\"\n\nmysql-instances:\n - source-id: \"mysql-replica-01\"\n`, 54 }, { // operate source 55 fmt.Sprintf(`user: root\n password: '%s'\n port: 3306 security:\n ssl-ca-bytes:\n - 45\n ssl-key-bytes:\n - 45\n ssl-cert-bytes:\n - 45\npurge:`, encryptedPass), 56 `user: root\n password: ******\n port: 3306 security:\n ssl-ca-bytes: "******"\n ssl-key-bytes: "******"\n ssl-cert-bytes: "******"\npurge:`, 57 }, { // start task with ssl 58 `\n\ntarget-database:\n host: \"127.0.0.1\"\n port: 4000\n user: \"test\"\n password: \"\"\n security:\n ssl-ca-bytes:\n - 45\n ssl-key-bytes:\n - 45\n ssl-cert-bytes:\n - 45\nmysql-instances:\n - source-id: \"mysql-replica-01\"\n`, 59 `\n\ntarget-database:\n host: \"127.0.0.1\"\n port: 4000\n user: \"test\"\n password: \"******\"\n security:\n ssl-ca-bytes: "******"\n ssl-key-bytes: "******"\n ssl-cert-bytes: "******"\nmysql-instances:\n - source-id: \"mysql-replica-01\"\n`, 60 }, { // engine dm job with ssl 61 `c="id:\"test_job\" config:\"ssl-ca-bytes: -----BEGIN CERTIFICATE-----\\nrandom1\\nrandom2\\nrandom3\\n-----END CERTIFICATE-----\\nssl-key-bytes: '-----BEGIN PRIVATE KEY-----\\nrandom1\\nrandom2\\n-----END PRIVATE KEY-----'\\nssl-cert-bytes: \\\"-----BEGIN CERTIFICATE REQUEST-----\\nrandom1\\nrandom2\\nrandom3\\n-----END CERTIFICATE REQUEST-----\\\"\""`, 62 `c="id:\"test_job\" config:\"ssl-ca-bytes: "******"\\nssl-key-bytes: "******"\\nssl-cert-bytes: "******"\\\"\""`, 63 }, 64 } 65 for _, str := range strs { 66 require.Equal(t, str.new, HideSensitive(str.old)) 67 } 68 }