Fix postgresql password exposure in metrics
Fix the password exposure in the metrics or tags. closes #821 closes #845
This commit is contained in:
		
							parent
							
								
									a4d60d9750
								
							
						
					
					
						commit
						2fbcb5c6d8
					
				|  | @ -29,6 +29,7 @@ | |||
| - [#713](https://github.com/influxdata/telegraf/issues/713): packaging: insecure permissions error on log directory | ||||
| - [#816](https://github.com/influxdata/telegraf/issues/816): Fix phpfpm panic if fcgi endpoint unreachable. | ||||
| - [#828](https://github.com/influxdata/telegraf/issues/828): fix net_response plugin overwriting host tag. | ||||
| - [#821](https://github.com/influxdata/telegraf/issues/821): Remove postgres password from server tag. Thanks @menardorama! | ||||
| 
 | ||||
| ## v0.10.4.1 | ||||
| 
 | ||||
|  |  | |||
|  | @ -4,13 +4,14 @@ import ( | |||
| 	"bytes" | ||||
| 	"database/sql" | ||||
| 	"fmt" | ||||
| 	"regexp" | ||||
| 	"sort" | ||||
| 	"strings" | ||||
| 
 | ||||
| 	"github.com/influxdata/telegraf" | ||||
| 	"github.com/influxdata/telegraf/plugins/inputs" | ||||
| 
 | ||||
| 	_ "github.com/lib/pq" | ||||
| 	"github.com/lib/pq" | ||||
| ) | ||||
| 
 | ||||
| type Postgresql struct { | ||||
|  | @ -18,6 +19,7 @@ type Postgresql struct { | |||
| 	Databases        []string | ||||
| 	OrderedColumns   []string | ||||
| 	AllColumns       []string | ||||
| 	sanitizedAddress string | ||||
| } | ||||
| 
 | ||||
| var ignoredColumns = map[string]bool{"datid": true, "datname": true, "stats_reset": true} | ||||
|  | @ -133,6 +135,23 @@ type scanner interface { | |||
| 	Scan(dest ...interface{}) error | ||||
| } | ||||
| 
 | ||||
| var passwordKVMatcher, _ = regexp.Compile("password=\\S+ ?") | ||||
| 
 | ||||
| func (p *Postgresql) SanitizedAddress() (_ string, err error) { | ||||
| 	var canonicalizedAddress string | ||||
| 	if strings.HasPrefix(p.Address, "postgres://") || strings.HasPrefix(p.Address, "postgresql://") { | ||||
| 		canonicalizedAddress, err = pq.ParseURL(p.Address) | ||||
| 		if err != nil { | ||||
| 			return p.sanitizedAddress, err | ||||
| 		} | ||||
| 	} else { | ||||
| 		canonicalizedAddress = p.Address | ||||
| 	} | ||||
| 	p.sanitizedAddress = passwordKVMatcher.ReplaceAllString(canonicalizedAddress, "") | ||||
| 
 | ||||
| 	return p.sanitizedAddress, err | ||||
| } | ||||
| 
 | ||||
| func (p *Postgresql) accRow(row scanner, acc telegraf.Accumulator) error { | ||||
| 	var columnVars []interface{} | ||||
| 	var dbname bytes.Buffer | ||||
|  | @ -165,7 +184,13 @@ func (p *Postgresql) accRow(row scanner, acc telegraf.Accumulator) error { | |||
| 		dbname.WriteString("postgres") | ||||
| 	} | ||||
| 
 | ||||
| 	tags := map[string]string{"server": p.Address, "db": dbname.String()} | ||||
| 	var tagAddress string | ||||
| 	tagAddress, err = p.SanitizedAddress() | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	tags := map[string]string{"server": tagAddress, "db": dbname.String()} | ||||
| 
 | ||||
| 	fields := make(map[string]interface{}) | ||||
| 	for col, val := range columnMap { | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue