Sunday, 12 December 2021

jaydebeapi under pytest leaking environment variable content in logs

I am connecting to a db using jaydebeapi and a jdbc driver using the following snippet, that works fine when the all parameters are correctly specified. I am storing my credentials in environment variables e.g. os.environ.get('credentials')

import jaydebeapi as dbdriver
import os
cnxn = None
server_name=''
server_jdbc_port=
server_database=''
name_env_credentials=''
name_env_pwd=''

try:

    driver_path = "XXXXXXX"
    conn_uri = "jdbc:://%s:%s/%s?" % (server_name,server_jdbc_port,   server_database)

    cnxn = dbdriver.connect( "XXXXXXX",
                    conn_uri,
                    driver_args = {"user": os.environ.get(name_env_credentials),
    "password":  os.environ.get(name_env_pwd)},
                    jars = driver_path)
    print('Connection open')
except (Exception) as error:
    raise error
finally: # in any case close connection and free resources
    if cnxn is not None:
        cnxn.close()
        print('Database connection closed.')

If there are some errors in my credentials/access rights I get, which is ok.

java.sql.SQLExceptionPyRaisable: java.sql.SQLException: authentication error: 
Insufficient privileges to connect to the database 'XXXXX'

However, when I wrap the above into a function, pytest-parametrized on server_name,server_jdbc_port,server_database,name_env_credentials,name_env_pwd.

######test_issue.py   
@pytest.mark.parametrize("server_name,server_jdbc_port,server_database,name_env_credentials,name_env_pwd", testdata)
    def test_connectivity():
           # above code

When I run

pytest test_issue.py

and an error in raised, the I find my credentials in plain text in the logs, which is a problem. To be precise, I am not seeing the content name_env_credentials (would be acceptable) but really the contents of os.environ.get(name_env_credentials) (below for example MYPLAINTEXTUSERNAME) in the test logs/tracebacks

test_issue.py:56: in test_connectivity
    cnxn = dbdriver.connect( "--------",
/opt/conda/lib/python3.8/site-packages/jaydebeapi/__init__.py:412: in connect
    jconn = _jdbc_connect(jclassname, url, driver_args, jars, libs)

[........]
driver_args = {'password': MYPLAINTEXTPASSWORD, 'user': MYPLAINTEXTUSERNAME}
[........]


jaydebeapi.__version__='1.2.3'


from jaydebeapi under pytest leaking environment variable content in logs
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)