[FLINK-34499] Configuration#toString hides sensitive values

apache · Feb 29, 2024 · e770cef · e770cef
1 parent 9802d24
commit e770cef
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java b/flink-core/src/main/java/org/apache/flink/configuration/Configuration.java
@@ -39,6 +39,7 @@
 import java.util.Properties;
 import java.util.Set;
 import java.util.function.BiFunction;
+import java.util.stream.Collectors;
 
 import static org.apache.flink.configuration.ConfigurationUtils.canBePrefixMap;
 import static org.apache.flink.configuration.ConfigurationUtils.containsPrefixMap;
@@ -1007,6 +1008,12 @@ public boolean equals(Object obj) {
 
     @Override
     public String toString() {
-        return this.confData.toString();
+        return ConfigurationUtils.hideSensitiveValues(
+                        this.confData.entrySet().stream()
+                                .collect(
+                                        Collectors.toMap(
+                                                Map.Entry::getKey,
+                                                entry -> entry.getValue().toString())))
+                .toString();
     }
 }
diff --git a/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java b/flink-core/src/test/java/org/apache/flink/configuration/ConfigurationTest.java
@@ -35,6 +35,7 @@
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -496,6 +497,19 @@ public void testMapParserErrorDoesNotLeakSensitiveData() {
                                         .doesNotContain("secret_value"));
     }
 
+    @Test
+    public void testToStringDoesNotLeakSensitiveData() {
+        ConfigOption<Map<String, String>> secret =
+                ConfigOptions.key("secret").mapType().noDefaultValue();
+
+        assertTrue(GlobalConfiguration.isSensitive(secret.key()));
+
+        final Configuration cfg = new Configuration();
+        cfg.setString(secret.key(), "secret_value");
+
+        assertThat(cfg.toString(), not(containsString("secret_value")));
+    }
+
     // --------------------------------------------------------------------------------------------
     // Test classes
     // --------------------------------------------------------------------------------------------