Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SPARK-35576][SQL] Redact the sensitive info in the result of Set command #32712

Closed
wants to merge 2 commits into from
Closed

[SPARK-35576][SQL] Redact the sensitive info in the result of Set command #32712

wants to merge 2 commits into from

Conversation

gengliangwang
Copy link
Member

What changes were proposed in this pull request?

Currently, the results of following SQL queries are not redacted:

SET [KEY];
SET;

For example:

scala> spark.sql("set javax.jdo.option.ConnectionPassword=123456").show()
+--------------------+------+
|                 key| value|
+--------------------+------+
|javax.jdo.option....|123456|
+--------------------+------+


scala> spark.sql("set javax.jdo.option.ConnectionPassword").show()
+--------------------+------+
|                 key| value|
+--------------------+------+
|javax.jdo.option....|123456|
+--------------------+------+


scala> spark.sql("set").show()
+--------------------+--------------------+
|                 key|               value|
+--------------------+--------------------+
|javax.jdo.option....|              123456|

We should hide the sensitive information and redact the query output.

Why are the changes needed?

Security.

Does this PR introduce any user-facing change?

Yes, the sensitive information in the output of Set commands are redacted

How was this patch tested?

Unit test

@github-actions github-actions bot added the SQL label May 31, 2021
@gengliangwang
Copy link
Member Author

gengliangwang commented May 31, 2021
edited
Loading

I will have another PR for set -v command, which has a different code path and we need to keep the <undefined> results instead of redacting them.

@SparkQA
Copy link

SparkQA commented May 31, 2021

Kubernetes integration test starting
URL: https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder-K8s/43630/

@SparkQA
Copy link

SparkQA commented May 31, 2021

Kubernetes integration test starting
URL: https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder-K8s/43631/

@SparkQA
Copy link

SparkQA commented May 31, 2021

Kubernetes integration test status success
URL: https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder-K8s/43630/

@SparkQA
Copy link

SparkQA commented May 31, 2021

Kubernetes integration test status success
URL: https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder-K8s/43631/

@SparkQA
Copy link

SparkQA commented May 31, 2021

Test build #139110 has finished for PR 32712 at commit a691720.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

@SparkQA
Copy link

SparkQA commented May 31, 2021

Test build #139111 has finished for PR 32712 at commit 6716d54.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

dongjoon-hyun
dongjoon-hyun approved these changes May 31, 2021
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, LGTM. Thanks, @gengliangwang and all.

@dongjoon-hyun
Copy link
Member

dongjoon-hyun commented May 31, 2021
edited
Loading

Merged to master. There is a conflict. Could you make a backport PR, @gengliangwang ?

gengliangwang added a commit to gengliangwang/spark that referenced this pull request Jun 1, 2021
@gengliangwang
[SPARK-35576][SQL] Redact the sensitive info in the result of Set com…
66536fb 
…mand

Currently, the results of following SQL queries are not redacted:
```
SET [KEY];
SET;
```
For example:

```
scala> spark.sql("set javax.jdo.option.ConnectionPassword=123456").show()
+--------------------+------+
|                 key| value|
+--------------------+------+
|javax.jdo.option....|123456|
+--------------------+------+

scala> spark.sql("set javax.jdo.option.ConnectionPassword").show()
+--------------------+------+
|                 key| value|
+--------------------+------+
|javax.jdo.option....|123456|
+--------------------+------+

scala> spark.sql("set").show()
+--------------------+--------------------+
|                 key|               value|
+--------------------+--------------------+
|javax.jdo.option....|              123456|

```

We should hide the sensitive information and redact the query output.

Security.

Yes, the sensitive information in the output of Set commands are redacted

Unit test

Closes apache#32712 from gengliangwang/redactSet.

Authored-by: Gengliang Wang <gengliang@apache.org>
Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
@gengliangwang
Copy link
Member Author

@dongjoon-hyun Thanks for merging. I have opened a cherry-pick PR in #32720

@gengliangwang
Copy link
Member Author

I will have another PR for set -v command, which has a different code path and we need to keep the results instead of redacting them.

I just went over the result of "set -v", it seems that there is no such a configuration requiring redaction. I will leave it alone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cloud-fan cloud-fan cloud-fan approved these changes

@HyukjinKwon HyukjinKwon HyukjinKwon approved these changes

@dongjoon-hyun dongjoon-hyun dongjoon-hyun approved these changes

Assignees
No one assigned
Labels
SQL
Projects
None yet
Milestone
No milestone
5 participants
@gengliangwang @SparkQA @dongjoon-hyun @cloud-fan @HyukjinKwon