-
Notifications
You must be signed in to change notification settings - Fork 28.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SPARK-35576][SQL] Redact the sensitive info in the result of Set command #32712
Conversation
I will have another PR for |
Kubernetes integration test starting |
Kubernetes integration test starting |
Kubernetes integration test status success |
Kubernetes integration test status success |
Test build #139110 has finished for PR 32712 at commit
|
Test build #139111 has finished for PR 32712 at commit
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1, LGTM. Thanks, @gengliangwang and all.
Merged to master. There is a conflict. Could you make a backport PR, @gengliangwang ? |
…mand Currently, the results of following SQL queries are not redacted: ``` SET [KEY]; SET; ``` For example: ``` scala> spark.sql("set javax.jdo.option.ConnectionPassword=123456").show() +--------------------+------+ | key| value| +--------------------+------+ |javax.jdo.option....|123456| +--------------------+------+ scala> spark.sql("set javax.jdo.option.ConnectionPassword").show() +--------------------+------+ | key| value| +--------------------+------+ |javax.jdo.option....|123456| +--------------------+------+ scala> spark.sql("set").show() +--------------------+--------------------+ | key| value| +--------------------+--------------------+ |javax.jdo.option....| 123456| ``` We should hide the sensitive information and redact the query output. Security. Yes, the sensitive information in the output of Set commands are redacted Unit test Closes apache#32712 from gengliangwang/redactSet. Authored-by: Gengliang Wang <gengliang@apache.org> Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
@dongjoon-hyun Thanks for merging. I have opened a cherry-pick PR in #32720 |
I just went over the result of "set -v", it seems that there is no such a configuration requiring redaction. I will leave it alone. |
What changes were proposed in this pull request?
Currently, the results of following SQL queries are not redacted:
For example:
We should hide the sensitive information and redact the query output.
Why are the changes needed?
Security.
Does this PR introduce any user-facing change?
Yes, the sensitive information in the output of Set commands are redacted
How was this patch tested?
Unit test