Page MenuHomePhabricator
Differential D19811

Keep the new "%P" query conversion out of the service call profiler by unmasking later
ClosedPublic
Actions

Authored by epriestley on Nov 15 2018, 1:28 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 23, 5:12 AM
Unknown Object (File)
Thu, Nov 14, 7:45 AM
Unknown Object (File)
Fri, Nov 8, 6:23 PM
Unknown Object (File)
Fri, Nov 8, 6:09 PM
Unknown Object (File)
Fri, Nov 8, 2:28 PM
Unknown Object (File)
Fri, Nov 8, 2:28 PM
Unknown Object (File)
Fri, Nov 8, 12:35 PM
Unknown Object (File)
Fri, Nov 8, 11:33 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T6960: Support %P in qsprintf()
T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()
Commits
rPHU35d0ec2dfa59: Keep the new "%P" query conversion out of the service call profiler by…
Summary

Ref T13216. Ref T13217. Ref T6960. Although the new "%P" (password/secret) conversion can mask values, we currently convert it too early in the stack, and pass the unmasked query to the service call profiler. This means the unmasked query appears in the service call profiler, etc.

Instead, unmask slightly later in the stack so the call profiler gets the masked string.

Test Plan

See next change.

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
aphront/
storage/
connection/
2 lines
9 lines
mysql/
7 lines
xsprintf/
4 lines

Diff 47348

View Options

src/aphront/storage/connection/AphrontDatabaseConnection.php

Loading...
View Options

src/aphront/storage/connection/AphrontIsolatedDatabaseConnection.php

Loading...
View Options

src/aphront/storage/connection/mysql/AphrontBaseMySQLDatabaseConnection.php

Loading...
View Options

src/xsprintf/queryfx.php

Loading...
Phabricator · Built by Phacility