chore: bol load: additinal metric release #5257

lvrach · 2024-11-01T10:43:16Z

No description provided.

…e.bol-load-r3

…into chore.bol-load-r5

… chore.bol-load-r7

jobsdb/cmd/bench/main.go

+	dbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)
+
+	// Print the database URL
+	fmt.Printf("Database URL: %s\n", dbURL)


To fix the problem, we need to ensure that the sensitive information (i.e., the password) is not logged in clear text. The best way to do this is to remove the password from the dbURL string before logging it. We can log the dbURL without the password, and if necessary, log a placeholder or a masked version of the password.

Remove the password from the dbURL string before logging it.

Log the dbURL without the password.

Ensure that the functionality of connecting to the database remains unchanged.

jobsdb/cmd/bench/main.go

+	fmt.Printf("\nFinal results:\n")
+	fmt.Printf("Processed %d events in %v\n", totalEvents, elapsed)
+	fmt.Printf("Average rate: %.2f events/second\n", float64(totalEvents)/elapsed.Seconds())
+	fmt.Printf("Database URL: %s\n", dbURL)


To fix the problem, we should avoid logging the dbURL that contains the sensitive randomPassword. Instead, we can log a version of the URL with the password obfuscated or simply omit the password from the log. This ensures that sensitive information is not exposed in the logs.

The best way to fix this without changing existing functionality is to modify the log statement on line 261 to exclude the password. We can achieve this by constructing a new version of the dbURL without the password for logging purposes.

…re.bol-load-foo

achettyiitr and others added 30 commits October 21, 2024 03:45

feat: warehouse transformer

98f7827

Feat.warehouse transformer fuzz (#5206)

a1fd52e

chore: adding failed seed data files

14aa043

Add client side load balancing support for transformer requests

b388415

exp: jobsdb bench

85befe3

Configured CSLB to our use case

937c8d0

chore: adapt internal migrations to accommodate bytea columns

872a449

chore: remove compression

f538f03

fix: cast to text before converting to binary

8eb9dc3

Merge remote-tracking branch 'origin/feat.transformer-cslb' into chor…

3ceca48

…e.bol-load-r3

chore: check the column type on src and dest dataset's jobs table

06dbbe4

fix: refresh connections to avoid hotspotting of load distribution

12a8e21

fixes

679daa9

Implemented for processor transformations

b3cd6ea

Merge remote-tracking branch 'origin/fix.refresh-transformer-client' …

4e3049e

…into chore.bol-load-r5

chore: add stat in both processor and badgerDedup

2819bc7

exp: use simple byte indexing instead of marshalling

8e12242

fix panic

9cb1ff2

Merge remote-tracking branch 'origin/feat.warehouse-transformer' into…

a231ddb

… chore.bol-load-r7

chore: use hash for pr builds

60e34b8

use go code for warehouse transformations

37f0270

fixes

7b35136

cache for better perfromance

1316780

sync map

35ecbbb

additional optimisations

93ee8db

fix: dedup duration stat name fix

5ff3872

chore: add metric from sentAt

cf2e146

chore: match buckets

445896a

find sent at inside message

b85553d

feat: add httplb

cdb2e30

github-advanced-security bot found potential problems Nov 12, 2024

View reviewed changes

lvrach added 4 commits November 12, 2024 22:40

Merge branch 'master' of github.com:rudderlabs/rudder-server into cho…

5127aa1

…re.bol-load-foo

add configs for stdlib

3142d0b

use common transport configurations

4eb5b8a

use common transport configurations

3c3f2b8

@@ -145,5 +145,6 @@
             	// Construct the database URL
-            	dbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)
+            	dbURL := fmt.Sprintf("postgres://postgres:****@localhost:%d/testdb?sslmode=disable", freePort)
+            	fullDbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)
-            	// Print the database URL
+            	// Print the database URL without the password
             	fmt.Printf("Database URL: %s\n", dbURL)
@@ -154,3 +155,3 @@
             		var err error
-            		db, err = sql.Open("postgres", dbURL)
+            		db, err = sql.Open("postgres", fullDbURL)
             		if err != nil {

@@ -146,2 +146,4 @@
             	dbURL := fmt.Sprintf("postgres://postgres:%s@localhost:%d/testdb?sslmode=disable", randomPassword, freePort)
+            	// Create a version of the dbURL without the password for logging
+            	dbURLForLog := fmt.Sprintf("postgres://postgres:****@localhost:%d/testdb?sslmode=disable", freePort)
@@ -260,3 +262,3 @@
             	fmt.Printf("Average rate: %.2f events/second\n", float64(totalEvents)/elapsed.Seconds())
-            	fmt.Printf("Database URL: %s\n", dbURL)
+            	fmt.Printf("Database URL: %s\n", dbURLForLog)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bol load: additinal metric release #5257

chore: bol load: additinal metric release #5257

lvrach commented Nov 1, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

chore: bol load: additinal metric release #5257

Are you sure you want to change the base?

chore: bol load: additinal metric release #5257

Conversation

lvrach commented Nov 1, 2024