From b904c17ee94d7b9cfadb5477131de0d27424001c Mon Sep 17 00:00:00 2001 From: Jason Bryan Date: Mon, 1 Jul 2024 10:20:56 -0400 Subject: [PATCH] Avoid logging ES credentials from running Rally processes (#1863) --------- Co-authored-by: Grzegorz Banasiak --- esrally/utils/process.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/esrally/utils/process.py b/esrally/utils/process.py index 18eb22c43..6a283a723 100644 --- a/esrally/utils/process.py +++ b/esrally/utils/process.py @@ -179,9 +179,19 @@ def find_all_other_rally_processes() -> List[psutil.Process]: return others +def redact_cmdline(cmdline: list) -> List[str]: + """ + Redact client options in cmdline as it contains sensitive information like passwords + """ + + return ["=".join((value.split("=")[0], '"*****"')) if "--client-options" in value else value for value in cmdline] + + def kill_all(predicate: Callable[[psutil.Process], bool]) -> None: def kill(p: psutil.Process): - logging.getLogger(__name__).info("Killing lingering process with PID [%s] and command line [%s].", p.pid, p.cmdline()) + logging.getLogger(__name__).info( + "Killing lingering process with PID [%s] and command line [%s].", p.pid, redact_cmdline(p.cmdline()) + ) p.kill() # wait until process has terminated, at most 3 seconds. Otherwise we might run into race conditions with actor system # sockets that are still open.