chore(vulnerability): Insertion of sensitive information into log fil…

…es (#11088)
datahub-project · Aug 3, 2024 · aeef69c · aeef69c
1 parent c572d39
commit aeef69c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/.../src/main/java/com/linkedin/datahub/graphql/resolvers/auth/RevokeAccessTokenResolver.java b/.../src/main/java/com/linkedin/datahub/graphql/resolvers/auth/RevokeAccessTokenResolver.java
@@ -41,7 +41,7 @@ public CompletableFuture<Boolean> get(DataFetchingEnvironment environment) throw
           final QueryContext context = environment.getContext();
           final String tokenId = bindArgument(environment.getArgument("tokenId"), String.class);
 
-          log.info("User {} revoking access token {}", context.getActorUrn(), tokenId);
+          log.info("User {} revoking access token", context.getActorUrn());
 
           if (isAuthorizedToRevokeToken(context, tokenId)) {
             try {

diff --git a/.../main/java/com/linkedin/datahub/graphql/resolvers/ingest/secret/DeleteSecretResolver.java b/.../main/java/com/linkedin/datahub/graphql/resolvers/ingest/secret/DeleteSecretResolver.java
@@ -23,16 +23,16 @@ public DeleteSecretResolver(final EntityClient entityClient) {
   public CompletableFuture<String> get(final DataFetchingEnvironment environment) throws Exception {
     final QueryContext context = environment.getContext();
     if (IngestionAuthUtils.canManageSecrets(context)) {
-      final String secretUrn = environment.getArgument("urn");
-      final Urn urn = Urn.createFromString(secretUrn);
+      final String inputUrn = environment.getArgument("urn");
+      final Urn urn = Urn.createFromString(inputUrn);
       return GraphQLConcurrencyUtils.supplyAsync(
           () -> {
             try {
               _entityClient.deleteEntity(context.getOperationContext(), urn);
-              return secretUrn;
+              return inputUrn;
             } catch (Exception e) {
               throw new RuntimeException(
-                  String.format("Failed to perform delete against secret with urn %s", secretUrn),
+                  String.format("Failed to perform delete against secret with urn %s", inputUrn),
                   e);
             }
           },

diff --git a/metadata-utils/src/main/java/com/linkedin/metadata/utils/SearchUtil.java b/metadata-utils/src/main/java/com/linkedin/metadata/utils/SearchUtil.java
@@ -54,10 +54,10 @@ public static List<FilterValue> convertToFilters(
 
   public static FilterValue createFilterValue(String value, Long facetCount, Boolean isFilteredOn) {
     // TODO(indy): test this
-    String[] aggregationTokens = value.split(AGGREGATION_SEPARATOR_CHAR);
+    String[] aggregations = value.split(AGGREGATION_SEPARATOR_CHAR);
     FilterValue result =
         new FilterValue().setValue(value).setFacetCount(facetCount).setFiltered(isFilteredOn);
-    String lastValue = aggregationTokens[aggregationTokens.length - 1];
+    String lastValue = aggregations[aggregations.length - 1];
     if (lastValue.startsWith(URN_PREFIX)) {
       try {
         result.setEntity(Urn.createFromString(lastValue));