staging-v25.4.8: importer: sanitize cloud storage URIs in error messages #168040
Merged
rail merged 1 commit into cockroachdb:staging-v25.4.8 from Apr 9, 2026
Previously, when an import job failed, error messages in
`readInputFiles` included the full cloud storage URI which could
contain credentials (e.g., `CREDENTIALS=<secret>`). The code already
acknowledged this risk with a comment ("Don't log dataFile here because
it could leak auth information") but the error return paths were not
similarly protected.
Use `cloud.SanitizeExternalStorageURI` to strip credentials from the
data file URI before including it in error messages, following the same
pattern as the backup code's `RedactURIForErrorMessage`. This covers
the three error paths in `readInputFiles` that explicitly embed the
file path: the `pgerror.Newf` for "too many parsing errors" and both
`errors.Wrapf` calls that annotate errors with the file path.
Resolves: cockroachdb#151884
Release note (bug fix): Fixed a bug where IMPORT error messages
could include unredacted cloud storage credentials from the source
URI. Credentials are now stripped from URIs before they appear in
error messages.
Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
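The pattern the commit message describes, redacting the data file URI before it is embedded in an error, shown as an added standalone Go example that is not code from this PR or from CockroachDB. `sanitizeURI`, `wrapReadError`, the parameter list and the sample URI are assumptions made for illustration; `cloud.SanitizeExternalStorageURI` itself is not reproduced here.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// sensitiveParams is an assumed, illustrative list; a real deployment must
// cover every secret-bearing parameter of every storage provider it accepts.
var sensitiveParams = map[string]bool{
	"CREDENTIALS":           true,
	"AWS_SECRET_ACCESS_KEY": true,
}

// sanitizeURI (hypothetical helper) returns raw with the userinfo password
// and any sensitive query parameter values replaced by "redacted".
func sanitizeURI(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		// *url.Error quotes the full input, so err must not be surfaced.
		return "<unparseable URI redacted>"
	}
	if u.User != nil {
		if _, hasPassword := u.User.Password(); hasPassword {
			u.User = url.UserPassword(u.User.Username(), "redacted")
		}
	}
	q := u.Query()
	for name := range q {
		if sensitiveParams[strings.ToUpper(name)] {
			q.Set(name, "redacted")
		}
	}
	u.RawQuery = q.Encode() // Encode sorts parameters by name
	return u.String()
}

// wrapReadError (hypothetical) annotates err with the sanitized file path only.
func wrapReadError(err error, dataFile string) error {
	return fmt.Errorf("%s: %w", sanitizeURI(dataFile), err)
}

func main() {
	// Constructed sample URI; the secret value is a placeholder.
	src := "gs://bucket/data.csv?AUTH=specified&CREDENTIALS=constructed-secret"
	fmt.Println(wrapReadError(errors.New("too many parsing errors"), src))
}
```

The unparseable-input branch matters as much as the happy path: wrapping the parse error would put the raw URI, secret included, straight back into the message.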
Thanks for opening a backport. Before merging, please confirm that it falls into one of the following categories (select one):
Add a brief release justification to the PR description explaining your selection. Also, confirm that the change does not break backward compatibility and complies with all aspects of the backport policy. All backports must be reviewed by the TL and EM for the owning area.
It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR? 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.
Member
celiala
approved these changes
Apr 9, 2026
Backport 1/1 commits from #167949.
/cc @cockroachdb/release
Backport 1/1 commits from #164881 on behalf of @mw5h.
Summary
`readInputFiles` error messages using `cloud.SanitizeExternalStorageURI` to strip credentials before including them in user-visible errors.
`errors.Wrapf` calls that annotate errors with the file path.
Resolves: #151884
Release note (bug fix): Fixed a bug where IMPORT error messages
could include unredacted cloud storage credentials from the source
URI. Credentials are now stripped from URIs before they appear in
error messages.
Release justification: Important security fix for an issue encountered by a customer.