diff --git a/src/base/pegasus_utils.h b/src/base/pegasus_utils.h index b521209681..20c65b926e 100644 --- a/src/base/pegasus_utils.h +++ b/src/base/pegasus_utils.h @@ -28,8 +28,11 @@ #include #include +#include "utils/flags.h" #include "utils/string_view.h" +DSN_DECLARE_bool(encrypt_data_at_rest); + namespace dsn { class rpc_address; } // namespace dsn @@ -40,6 +43,7 @@ namespace utils { // it's seconds since 2016.01.01-00:00:00 GMT const uint32_t epoch_begin = 1451606400; inline uint32_t epoch_now() { return time(nullptr) - epoch_begin; } +const static std::string kRedactedString = ""; // extract "host" from rpc_address void addr2host(const ::dsn::rpc_address &addr, char *str, int len); @@ -97,6 +101,15 @@ std::string c_escape_string(const T &src, bool always_escape = false) return s; } +template +std::string c_escape_sensitive_string(const T &src, bool always_escape = false) +{ + if (FLAGS_encrypt_data_at_rest) { + return kRedactedString; + } + return c_escape_string(src, always_escape); +} + // ---------------------------------------------------------------------- // c_unescape_string() // Copies 'src' to 'dest', unescaping '0xFF'-style escape sequences to @@ -106,6 +119,16 @@ std::string c_escape_string(const T &src, bool always_escape = false) // ---------------------------------------------------------------------- int c_unescape_string(const std::string &src, std::string &dest); +template +const std::string &redact_sensitive_string(const T &src) +{ + if (FLAGS_encrypt_data_at_rest) { + return kRedactedString; + } else { + return src; + } +} + inline dsn::string_view to_string_view(rocksdb::Slice s) { return {s.data(), s.size()}; } inline rocksdb::Slice to_rocksdb_slice(dsn::string_view s) { return {s.data(), s.size()}; } diff --git a/src/base/test/redact_sensitive_string_test.cpp b/src/base/test/redact_sensitive_string_test.cpp new file mode 100644 index 0000000000..d0bbcd7c61 --- /dev/null +++ b/src/base/test/redact_sensitive_string_test.cpp @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// IWYU pragma: no_include +// IWYU pragma: no_include +#include +#include + +#include "base/pegasus_utils.h" + +const std::string test_string = "pegasus"; + +TEST(pegasus_utils, redact_sensitive_string) +{ + FLAGS_encrypt_data_at_rest = true; + auto result_string = pegasus::utils::redact_sensitive_string(test_string); + ASSERT_EQ(pegasus::utils::kRedactedString, result_string); +} + +TEST(pegasus_utils, redact_sensitive_string_with_encrypt) +{ + FLAGS_encrypt_data_at_rest = false; + auto result_string = pegasus::utils::redact_sensitive_string(test_string); + ASSERT_EQ("pegasus", result_string); +} + +TEST(pegasus_utils, c_escape_sensitive_string_with_no_encrypt_and_escape) +{ + FLAGS_encrypt_data_at_rest = false; + auto result_string = pegasus::utils::c_escape_sensitive_string(test_string, false); + ASSERT_EQ("pegasus", result_string); +} + +TEST(pegasus_utils, c_escape_sensitive_string_with_no_encrypt) +{ + FLAGS_encrypt_data_at_rest = false; + auto result_string = pegasus::utils::c_escape_sensitive_string(test_string, true); + ASSERT_EQ("\\x70\\x65\\x67\\x61\\x73\\x75\\x73", result_string); +} + +TEST(pegasus_utils, c_escape_sensitive_string_with_encrypt) +{ + FLAGS_encrypt_data_at_rest = true; + auto result_string = pegasus::utils::c_escape_sensitive_string(test_string, false); + ASSERT_EQ(pegasus::utils::kRedactedString, result_string); +} + +TEST(pegasus_utils, c_escape_sensitive_string_with_encrypt_and_escape) +{ + FLAGS_encrypt_data_at_rest = true; + auto result_string = pegasus::utils::c_escape_sensitive_string(test_string, true); + ASSERT_EQ(pegasus::utils::kRedactedString, result_string); +} diff --git a/src/geo/lib/geo_client.cpp b/src/geo/lib/geo_client.cpp index 0d4927695e..31953fa81d 100644 --- a/src/geo/lib/geo_client.cpp +++ b/src/geo/lib/geo_client.cpp @@ -138,8 +138,8 @@ int geo_client::set(const std::string &hash_key, auto async_set_callback = [&](int ec_, pegasus_client::internal_info &&info_) { if (ec_ != PERR_OK) { LOG_ERROR("set data failed. hash_key={}, sort_key={}, error={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); ret = ec_; } @@ -186,8 +186,8 @@ void geo_client::async_set(const std::string &hash_key, if (ec_ != PERR_OK) { LOG_ERROR("set {} data failed. hash_key={}, sort_key={}, error={}", data_type_ == DataType::common ? "common" : "geo", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); *ret = ec_; } @@ -238,8 +238,8 @@ int geo_client::get(const std::string &hash_key, lng_degrees = lng_degrees_; } else { LOG_WARNING("get data failed. hash_key={}, sort_key={}, error={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); } ret = ec_; @@ -269,8 +269,8 @@ void geo_client::async_get(const std::string &hash_key, S2LatLng latlng; if (!_codec.decode_from_value(value_, latlng)) { LOG_ERROR("decode_from_value failed. hash_key={}, sort_key={}, value={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), value_); cb(PERR_GEO_DECODE_VALUE_ERROR, id, 0, 0); return; @@ -290,8 +290,8 @@ int geo_client::del(const std::string &hash_key, auto async_del_callback = [&](int ec_, pegasus_client::internal_info &&info_) { if (ec_ != PERR_OK) { LOG_ERROR("del data failed. hash_key={}, sort_key={}, error={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); ret = ec_; } @@ -358,8 +358,8 @@ void geo_client::async_del(const std::string &hash_key, if (ec__ != PERR_OK) { LOG_ERROR("del {} data failed. hash_key={}, sort_key={}, error={}", data_type_ == DataType::common ? "common" : "geo", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); *ret = ec__; } @@ -391,8 +391,8 @@ int geo_client::set_geo_data(const std::string &hash_key, if (ec_ != PERR_OK) { ret = ec_; LOG_ERROR("set geo data failed. hash_key={}, sort_key={}, error={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); } set_completed.notify(); @@ -521,8 +521,8 @@ void geo_client::async_search_radial(const std::string &hash_key, ](int ec_, std::string &&value_, pegasus_client::internal_info &&) mutable { if (ec_ != PERR_OK) { LOG_ERROR("get failed. hash_key={}, sort_key={}, error={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), get_error_string(ec_)); cb(ec_, {}); return; @@ -531,8 +531,8 @@ void geo_client::async_search_radial(const std::string &hash_key, S2LatLng latlng; if (!_codec.decode_from_value(value_, latlng)) { LOG_ERROR("decode_from_value failed. hash_key={}, sort_key={}, value={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), value_); cb(ec_, {}); return; @@ -726,8 +726,8 @@ bool geo_client::generate_geo_keys(const std::string &hash_key, S2LatLng latlng; if (!_codec.decode_from_value(value, latlng)) { LOG_ERROR("decode_from_value failed. hash_key={}, sort_key={}, value={}", - hash_key, - sort_key, + utils::redact_sensitive_string(hash_key), + utils::redact_sensitive_string(sort_key), value); return false; } @@ -919,7 +919,8 @@ void geo_client::do_scan(pegasus_client::pegasus_scanner_wrapper scanner_wrapper if (distance <= S2Earth::ToMeters(cap_ptr->radius())) { std::string origin_hash_key, origin_sort_key; if (!restore_origin_keys(geo_sort_key, origin_hash_key, origin_sort_key)) { - LOG_ERROR("restore_origin_keys failed. geo_sort_key={}", geo_sort_key); + LOG_ERROR("restore_origin_keys failed. geo_sort_key={}", + utils::redact_sensitive_string(geo_sort_key)); cb(); return; } @@ -955,10 +956,10 @@ int geo_client::distance(const std::string &hash_key1, LOG_ERROR( "get distance failed. hash_key1={}, sort_key1={}, hash_key2={}, sort_key2={}, " "error={}", - hash_key1, - sort_key1, - hash_key2, - sort_key2, + utils::redact_sensitive_string(hash_key1), + utils::redact_sensitive_string(sort_key1), + utils::redact_sensitive_string(hash_key2), + utils::redact_sensitive_string(sort_key2), get_error_string(ec_)); ret = ec_; } @@ -988,10 +989,10 @@ void geo_client::async_distance(const std::string &hash_key1, if (ec_ != PERR_OK) { LOG_ERROR("get data failed. hash_key1={}, sort_key1={}, hash_key2={}, sort_key2={}, " "error={}", - hash_key1, - sort_key1, - hash_key2, - sort_key2, + utils::redact_sensitive_string(hash_key1), + utils::redact_sensitive_string(sort_key1), + utils::redact_sensitive_string(hash_key2), + utils::redact_sensitive_string(sort_key2), get_error_string(ec_)); *ret = ec_; } diff --git a/src/server/hotkey_collector.cpp b/src/server/hotkey_collector.cpp index 0574652f28..026851e2b2 100644 --- a/src/server/hotkey_collector.cpp +++ b/src/server/hotkey_collector.cpp @@ -196,7 +196,7 @@ inline void hotkey_collector::change_state_by_result() if (!_result.hot_hash_key.empty()) { change_state_to_finished(); LOG_ERROR_PREFIX("Find the hotkey: {}", - pegasus::utils::c_escape_string(_result.hot_hash_key)); + pegasus::utils::c_escape_sensitive_string(_result.hot_hash_key)); } break; default: @@ -277,7 +277,7 @@ void hotkey_collector::on_start_detect(dsn::replication::detect_hotkey_response hint = fmt::format("{} hotkey result has been found: {}, you can send a stop rpc to " "restart hotkey detection", dsn::enum_to_string(_hotkey_type), - pegasus::utils::c_escape_string(_result.hot_hash_key)); + pegasus::utils::c_escape_sensitive_string(_result.hot_hash_key)); break; case hotkey_collector_state::STOPPED: change_state_to_coarse_detecting(); @@ -314,7 +314,7 @@ void hotkey_collector::query_result(dsn::replication::detect_hotkey_response &re LOG_INFO_PREFIX(hint); } else { resp.err = dsn::ERR_OK; - resp.__set_hotkey_result(pegasus::utils::c_escape_string(_result.hot_hash_key)); + resp.__set_hotkey_result(pegasus::utils::c_escape_sensitive_string(_result.hot_hash_key)); } } diff --git a/src/server/pegasus_server_impl.cpp b/src/server/pegasus_server_impl.cpp index 9bc325ba9d..975effe706 100644 --- a/src/server/pegasus_server_impl.cpp +++ b/src/server/pegasus_server_impl.cpp @@ -369,8 +369,8 @@ void pegasus_server_impl::on_get(get_rpc rpc) LOG_ERROR_PREFIX("rocksdb get failed for get from {}: hash_key = \"{}\", sort_key = " "\"{}\", error = {}", rpc.remote_address(), - ::pegasus::utils::c_escape_string(hash_key), - ::pegasus::utils::c_escape_string(sort_key), + ::pegasus::utils::c_escape_sensitive_string(hash_key), + ::pegasus::utils::c_escape_sensitive_string(sort_key), status.ToString()); } else if (!status.IsNotFound()) { LOG_ERROR_PREFIX("rocksdb get failed for get from {}: error = {}", @@ -393,8 +393,8 @@ void pegasus_server_impl::on_get(get_rpc rpc) "hash_key = {}, sort_key = {}, return = {}, " "value_size = {}, time_used = {} ns", rpc.remote_address(), - ::pegasus::utils::c_escape_string(hash_key), - ::pegasus::utils::c_escape_string(sort_key), + ::pegasus::utils::c_escape_sensitive_string(hash_key), + ::pegasus::utils::c_escape_sensitive_string(sort_key), status.ToString(), value.size(), time_used); @@ -508,17 +508,17 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc) "sort_key_filter_pattern = \"{}\", final_start = \"{}\" ({}), final_stop = " "\"{}\" ({})", rpc.remote_address(), - ::pegasus::utils::c_escape_string(request.hash_key), - ::pegasus::utils::c_escape_string(request.start_sortkey), + ::pegasus::utils::c_escape_sensitive_string(request.hash_key), + ::pegasus::utils::c_escape_sensitive_string(request.start_sortkey), request.start_inclusive ? "inclusive" : "exclusive", - ::pegasus::utils::c_escape_string(request.stop_sortkey), + ::pegasus::utils::c_escape_sensitive_string(request.stop_sortkey), request.stop_inclusive ? "inclusive" : "exclusive", ::dsn::apps::_filter_type_VALUES_TO_NAMES.find(request.sort_key_filter_type) ->second, - ::pegasus::utils::c_escape_string(request.sort_key_filter_pattern), - ::pegasus::utils::c_escape_string(start), + ::pegasus::utils::c_escape_sensitive_string(request.sort_key_filter_pattern), + ::pegasus::utils::c_escape_sensitive_string(start), start_inclusive ? "inclusive" : "exclusive", - ::pegasus::utils::c_escape_string(stop), + ::pegasus::utils::c_escape_sensitive_string(stop), stop_inclusive ? "inclusive" : "exclusive"); } resp.error = rocksdb::Status::kOk; @@ -685,7 +685,7 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc) LOG_ERROR_PREFIX("rocksdb scan failed for multi_get from {}: hash_key = \"{}\", " "reverse = {}, error = {}", rpc.remote_address(), - ::pegasus::utils::c_escape_string(request.hash_key), + ::pegasus::utils::c_escape_sensitive_string(request.hash_key), request.reverse ? "true" : "false", it->status().ToString()); } else { @@ -730,12 +730,13 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc) // print log if (!status.ok()) { if (FLAGS_rocksdb_verbose_log) { - LOG_ERROR_PREFIX("rocksdb get failed for multi_get from {}: hash_key = \"{}\", " - "sort_key = \"{}\", error = {}", - rpc.remote_address(), - ::pegasus::utils::c_escape_string(request.hash_key), - ::pegasus::utils::c_escape_string(request.sort_keys[i]), - status.ToString()); + LOG_ERROR_PREFIX( + "rocksdb get failed for multi_get from {}: hash_key = \"{}\", " + "sort_key = \"{}\", error = {}", + rpc.remote_address(), + ::pegasus::utils::c_escape_sensitive_string(request.hash_key), + ::pegasus::utils::c_escape_sensitive_string(request.sort_keys[i]), + status.ToString()); } else if (!status.IsNotFound()) { LOG_ERROR_PREFIX("rocksdb get failed for multi_get from {}: error = {}", rpc.remote_address(), @@ -803,13 +804,13 @@ void pegasus_server_impl::on_multi_get(multi_get_rpc rpc) "result_count = {}, result_size = {}, iteration_count = {}, " "expire_count = {}, filter_count = {}, time_used = {} ns", rpc.remote_address(), - ::pegasus::utils::c_escape_string(request.hash_key), - ::pegasus::utils::c_escape_string(request.start_sortkey), + ::pegasus::utils::c_escape_sensitive_string(request.hash_key), + ::pegasus::utils::c_escape_sensitive_string(request.start_sortkey), request.start_inclusive ? "inclusive" : "exclusive", - ::pegasus::utils::c_escape_string(request.stop_sortkey), + ::pegasus::utils::c_escape_sensitive_string(request.stop_sortkey), request.stop_inclusive ? "inclusive" : "exclusive", ::dsn::apps::_filter_type_VALUES_TO_NAMES.find(request.sort_key_filter_type)->second, - ::pegasus::utils::c_escape_string(request.sort_key_filter_pattern), + ::pegasus::utils::c_escape_sensitive_string(request.sort_key_filter_pattern), request.max_kv_count, request.max_kv_size, request.reverse ? "true" : "false", @@ -894,8 +895,8 @@ void pegasus_server_impl::on_batch_get(batch_get_rpc rpc) LOG_ERROR_PREFIX( "rocksdb data expired for batch_get from {}, hash_key = {}, sort_key = {}", rpc.remote_address().to_string(), - pegasus::utils::c_escape_string(hash_key), - pegasus::utils::c_escape_string(sort_key)); + pegasus::utils::c_escape_sensitive_string(hash_key), + pegasus::utils::c_escape_sensitive_string(sort_key)); } continue; } @@ -1011,7 +1012,7 @@ void pegasus_server_impl::on_sortkey_count(sortkey_count_rpc rpc) LOG_ERROR_PREFIX( "rocksdb scan failed for sortkey_count from {}: hash_key = \"{}\", error = {}", rpc.remote_address(), - ::pegasus::utils::c_escape_string(hash_key), + ::pegasus::utils::c_escape_sensitive_string(hash_key), it->status().ToString()); } else { LOG_ERROR_PREFIX("rocksdb scan failed for sortkey_count from {}: error = {}", @@ -1071,8 +1072,8 @@ void pegasus_server_impl::on_ttl(ttl_rpc rpc) LOG_ERROR_PREFIX("rocksdb get failed for ttl from {}: hash_key = \"{}\", sort_key = " "\"{}\", error = {}", rpc.remote_address(), - ::pegasus::utils::c_escape_string(hash_key), - ::pegasus::utils::c_escape_string(sort_key), + ::pegasus::utils::c_escape_sensitive_string(hash_key), + ::pegasus::utils::c_escape_sensitive_string(sort_key), status.ToString()); } else if (!status.IsNotFound()) { LOG_ERROR_PREFIX("rocksdb get failed for ttl from {}: error = {}", @@ -1181,9 +1182,9 @@ void pegasus_server_impl::on_get_scanner(get_scanner_rpc rpc) LOG_WARNING_PREFIX("empty key range for get_scanner from {}: start_key = \"{}\" ({}), " "stop_key = \"{}\" ({})", rpc.remote_address(), - ::pegasus::utils::c_escape_string(request.start_key), + ::pegasus::utils::c_escape_sensitive_string(request.start_key), request.start_inclusive ? "inclusive" : "exclusive", - ::pegasus::utils::c_escape_string(request.stop_key), + ::pegasus::utils::c_escape_sensitive_string(request.stop_key), request.stop_inclusive ? "inclusive" : "exclusive"); } resp.error = rocksdb::Status::kOk; @@ -1288,9 +1289,9 @@ void pegasus_server_impl::on_get_scanner(get_scanner_rpc rpc) "({}), stop_key = \"{}\" ({}), batch_size = {}, read_count = {}, " "error = {}", rpc.remote_address(), - ::pegasus::utils::c_escape_string(start), + ::pegasus::utils::c_escape_sensitive_string(start), request.start_inclusive ? "inclusive" : "exclusive", - ::pegasus::utils::c_escape_string(stop), + ::pegasus::utils::c_escape_sensitive_string(stop), request.stop_inclusive ? "inclusive" : "exclusive", batch_count, count, @@ -1459,7 +1460,7 @@ void pegasus_server_impl::on_scan(scan_rpc rpc) "\"{}\" ({}), batch_size = {}, read_count = {}, error = {}", rpc.remote_address(), request.context_id, - ::pegasus::utils::c_escape_string(stop), + ::pegasus::utils::c_escape_sensitive_string(stop), stop_inclusive ? "inclusive" : "exclusive", batch_count, count, @@ -3449,31 +3450,32 @@ std::string pegasus_server_impl::dump_write_request(dsn::message_ex *request) ::dsn::blob hash_key, sort_key; pegasus_restore_key(put.key, hash_key, sort_key); return fmt::format("put: hash_key={}, sort_key={}", - pegasus::utils::c_escape_string(hash_key), - pegasus::utils::c_escape_string(sort_key)); + pegasus::utils::c_escape_sensitive_string(hash_key), + pegasus::utils::c_escape_sensitive_string(sort_key)); } if (rpc_code == dsn::apps::RPC_RRDB_RRDB_MULTI_PUT) { auto multi_put = multi_put_rpc(request).request(); return fmt::format("multi_put: hash_key={}, multi_put_count={}", - pegasus::utils::c_escape_string(multi_put.hash_key), + pegasus::utils::c_escape_sensitive_string(multi_put.hash_key), multi_put.kvs.size()); } if (rpc_code == dsn::apps::RPC_RRDB_RRDB_CHECK_AND_SET) { auto check_and_set = check_and_set_rpc(request).request(); return fmt::format("check_and_set: hash_key={}, check_sort_key={}, set_sort_key={}", - pegasus::utils::c_escape_string(check_and_set.hash_key), - pegasus::utils::c_escape_string(check_and_set.check_sort_key), - pegasus::utils::c_escape_string(check_and_set.set_sort_key)); + pegasus::utils::c_escape_sensitive_string(check_and_set.hash_key), + pegasus::utils::c_escape_sensitive_string(check_and_set.check_sort_key), + pegasus::utils::c_escape_sensitive_string(check_and_set.set_sort_key)); } if (rpc_code == dsn::apps::RPC_RRDB_RRDB_CHECK_AND_MUTATE) { auto check_and_mutate = check_and_mutate_rpc(request).request(); - return fmt::format("check_and_mutate: hash_key={}, check_sort_key={}, set_value_count={}", - pegasus::utils::c_escape_string(check_and_mutate.hash_key), - pegasus::utils::c_escape_string(check_and_mutate.check_sort_key), - check_and_mutate.mutate_list.size()); + return fmt::format( + "check_and_mutate: hash_key={}, check_sort_key={}, set_value_count={}", + pegasus::utils::c_escape_sensitive_string(check_and_mutate.hash_key), + pegasus::utils::c_escape_sensitive_string(check_and_mutate.check_sort_key), + check_and_mutate.mutate_list.size()); } return "default"; diff --git a/src/server/pegasus_server_write.cpp b/src/server/pegasus_server_write.cpp index 1c6399cc27..b00f016ed2 100644 --- a/src/server/pegasus_server_write.cpp +++ b/src/server/pegasus_server_write.cpp @@ -172,8 +172,8 @@ void pegasus_server_write::request_key_check(int64_t decree, "decree: {}, code: {}, hash_key: {}, sort_key: {}", decree, msg->local_rpc_code.to_string(), - utils::c_escape_string(hash_key), - utils::c_escape_string(sort_key)); + utils::c_escape_sensitive_string(hash_key), + utils::c_escape_sensitive_string(sort_key)); } } diff --git a/src/server/pegasus_write_service_impl.h b/src/server/pegasus_write_service_impl.h index 69b71c6ba4..fa4c44e4ab 100644 --- a/src/server/pegasus_write_service_impl.h +++ b/src/server/pegasus_write_service_impl.h @@ -217,7 +217,7 @@ class pegasus_write_service::impl : public dsn::replication::replica_base LOG_ERROR_PREFIX("incr failed: decree = {}, error = " "old value \"{}\" is not an integer or out of range", decree, - utils::c_escape_string(old_value)); + utils::c_escape_sensitive_string(old_value)); resp.error = rocksdb::Status::kInvalidArgument; // we should write empty record to update rocksdb's last flushed decree return empty_put(decree); @@ -290,8 +290,8 @@ class pegasus_write_service::impl : public dsn::replication::replica_base LOG_ERROR_ROCKSDB("Error to GetCheckValue for CheckAndSet decree: {}, hash_key: {}, " "check_sort_key: {}", decree, - utils::c_escape_string(update.hash_key), - utils::c_escape_string(update.check_sort_key)); + utils::c_escape_sensitive_string(update.hash_key), + utils::c_escape_sensitive_string(update.check_sort_key)); resp.error = err; return resp.error; } @@ -410,8 +410,8 @@ class pegasus_write_service::impl : public dsn::replication::replica_base LOG_ERROR_ROCKSDB("Error to GetCheckValue for CheckAndMutate decree: {}, hash_key: {}, " "check_sort_key: {}", decree, - utils::c_escape_string(update.hash_key), - utils::c_escape_string(update.check_sort_key)); + utils::c_escape_sensitive_string(update.hash_key), + utils::c_escape_sensitive_string(update.check_sort_key)); resp.error = err; return resp.error; } @@ -650,7 +650,7 @@ class pegasus_write_service::impl : public dsn::replication::replica_base LOG_ERROR_PREFIX("check failed: decree = {}, error = " "check value \"{}\" is not an integer or out of range", decree, - utils::c_escape_string(value)); + utils::c_escape_sensitive_string(value)); invalid_argument = true; return false; } @@ -660,7 +660,7 @@ class pegasus_write_service::impl : public dsn::replication::replica_base LOG_ERROR_PREFIX("check failed: decree = {}, error = " "check operand \"{}\" is not an integer or out of range", decree, - utils::c_escape_string(check_operand)); + utils::c_escape_sensitive_string(check_operand)); invalid_argument = true; return false; } diff --git a/src/server/rocksdb_wrapper.cpp b/src/server/rocksdb_wrapper.cpp index 59cd199d27..3fe882a420 100644 --- a/src/server/rocksdb_wrapper.cpp +++ b/src/server/rocksdb_wrapper.cpp @@ -96,8 +96,8 @@ int rocksdb_wrapper::get(dsn::string_view raw_key, /*out*/ db_get_context *ctx) LOG_ERROR_ROCKSDB("Get", s.ToString(), "hash_key: {}, sort_key: {}", - utils::c_escape_string(hash_key), - utils::c_escape_string(sort_key)); + utils::c_escape_sensitive_string(hash_key), + utils::c_escape_sensitive_string(sort_key)); return s.code(); } @@ -156,8 +156,8 @@ int rocksdb_wrapper::write_batch_put_ctx(const db_write_context &ctx, s.ToString(), "decree: {}, hash_key: {}, sort_key: {}, expire_ts: {}", ctx.decree, - utils::c_escape_string(hash_key), - utils::c_escape_string(sort_key), + utils::c_escape_sensitive_string(hash_key), + utils::c_escape_sensitive_string(sort_key), expire_sec); } return s.code(); @@ -203,8 +203,8 @@ int rocksdb_wrapper::write_batch_delete(int64_t decree, dsn::string_view raw_key s.ToString(), "decree: {}, hash_key: {}, sort_key: {}", decree, - utils::c_escape_string(hash_key), - utils::c_escape_string(sort_key)); + utils::c_escape_sensitive_string(hash_key), + utils::c_escape_sensitive_string(sort_key)); } return s.code(); }