Deep clone options, fixes #4499

Ensures any password mangling doesn't affect the runtime options
2022-11-09 13:52:34 -05:00 · 2020-04-01 08:11:44 -07:00 · 2020-04-01 08:11:44 -07:00 · 3f9c4bf90b
commit 3f9c4bf90b
parent 432f95f3f2
3 changed files with 17 additions and 12 deletions
--- a/Changes.md
+++ b/Changes.md
@ -8,6 +8,7 @@ HEAD
 - Refactor systemd integration to work better with custom binaries [#4511]
 - Don't connect to Redis at process exit if not needed [#4502]
 - Remove Redis connection naming [#4479]
+- Fix Redis Sentinel password redaction [#4499]

 6.0.6
 ---------
--- a/lib/sidekiq/redis_connection.rb
+++ b/lib/sidekiq/redis_connection.rb
@ -94,9 +94,10 @@ module Sidekiq
      end

      def log_info(options)
-        # Don't log Redis AUTH password
        redacted = "REDACTED"
-        scrubbed_options = options.dup
+
+        # deep clone so we can muck with these options all we want
+        scrubbed_options = Marshal.load(Marshal.dump(options))
        if scrubbed_options[:url] && (uri = URI.parse(scrubbed_options[:url])) && uri.password
          uri.password = redacted
          scrubbed_options[:url] = uri.to_s
--- a/test/test_redis_connection.rb
+++ b/test/test_redis_connection.rb
@ -190,19 +190,22 @@ describe Sidekiq::RedisConnection do

    describe 'logging redis options' do
      it 'redacts credentials' do
+        options = {
+          role: 'master',
+          master_name: 'mymaster',
+          sentinels: [
+            { host: 'host1', port: 26379, password: 'secret'},
+            { host: 'host2', port: 26379, password: 'secret'},
+            { host: 'host3', port: 26379, password: 'secret'},
+           ],
+           password: 'secret'
+        }
+
        output = capture_logging do
-          Sidekiq::RedisConnection.create(
-            role: 'master',
-            master_name: 'mymaster',
-            sentinels: [
-              { host: 'host1', port: 26379, password: 'secret'},
-              { host: 'host2', port: 26379, password: 'secret'},
-              { host: 'host3', port: 26379, password: 'secret'},
-             ],
-             password: 'secret'
-           )
+          Sidekiq::RedisConnection.create(options)
        end

+        refute_includes(options.inspect, "REDACTED")
        assert_includes(output, ':host=>"host1", :port=>26379, :password=>"REDACTED"')
        assert_includes(output, ':host=>"host2", :port=>26379, :password=>"REDACTED"')
        assert_includes(output, ':host=>"host3", :port=>26379, :password=>"REDACTED"')