fix: improve redact sql regexp (#3080)

Signed-off-by: tison <wander4096@gmail.com>
2026-01-05 21:02:58 +00:00 · 2024-01-04 22:53:20 +08:00
parent 96b6235f25
commit 44ba131987
1 changed files with 8 additions and 2 deletions
--- a/src/sql/src/util.rs
+++ b/src/sql/src/util.rs
@@ -21,8 +21,8 @@ use sqlparser::ast::{ObjectName, SqlOption, Value};

 static SQL_SECRET_PATTERNS: LazyLock<Vec<Regex>> = LazyLock::new(|| {
    vec![
-        Regex::new(r#"(?i)access_key_id=["'](\w*)["'].*"#).unwrap(),
-        Regex::new(r#"(?i)secret_access_key=["'](\w*)["'].*"#).unwrap(),
+        Regex::new(r#"(?i)access_key_id=["']([^"']*)["'].*"#).unwrap(),
+        Regex::new(r#"(?i)secret_access_key=["']([^"']*)["'].*"#).unwrap(),
    ]
 });

@@ -93,5 +93,11 @@ mod test {
            ),
            r#"COPY 'my_table' FROM '/test.orc' WITH (FORMAT = 'orc') CONNECTION(ENDPOINT = 's3.storage.site', REGION = 'hz', ACCESS_KEY_ID='******', SECRET_ACCESS_KEY="******");"#
        );
+        assert_eq!(
+            redact_sql_secrets(
+                r#"COPY 'my_table' FROM '/test.orc' WITH (FORMAT = 'orc') CONNECTION(ENDPOINT = 's3.storage.site', REGION = 'hz', ACCESS_KEY_ID='@scoped/key_id', SECRET_ACCESS_KEY="@scoped/access_key");"#
+            ),
+            r#"COPY 'my_table' FROM '/test.orc' WITH (FORMAT = 'orc') CONNECTION(ENDPOINT = 's3.storage.site', REGION = 'hz', ACCESS_KEY_ID='******', SECRET_ACCESS_KEY="******");"#
+        );
    }
 }