internal/postgres: redact password in error messages

Change-Id: I487f1dd3d6e925b1d95a2ddd7726d7a1b4ed9e42 Reviewed-on: https://team-review.git.corp.google.com/c/golang/discovery/+/599091 CI-Result: Cloud Build <devtools-proctor-result-processor@system.gserviceaccount.com> Reviewed-by: Julie Qiu <julieqiu@google.com>
2019-11-16 16:37:27 -05:00 · 2019-11-16 16:37:27 -05:00 · e3686d6d16
--- a/internal/postgres/postgres.go
+++ b/internal/postgres/postgres.go
@ -8,6 +8,7 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
+	"regexp"
 	"strings"
 	"sync/atomic"
 	"time"
@ -136,7 +137,8 @@ func logQuery(query string, args []interface{}) func(*error) {

 // Open creates a new DB for the given Postgres connection string.
 func Open(driverName, dbinfo string) (_ *DB, err error) {
-	defer derrors.Wrap(&err, "postgres.Open(%q, %q)", driverName, dbinfo)
+	defer derrors.Wrap(&err, "postgres.Open(%q, %q)",
+		driverName, redactPassword(dbinfo))

 	db, err := sql.Open(driverName, dbinfo)
 	if err != nil {
@ -149,6 +151,12 @@ func Open(driverName, dbinfo string) (_ *DB, err error) {
 	return &DB{db}, nil
 }

+var passwordRegexp = regexp.MustCompile(`password=\S+`)
+
+func redactPassword(dbinfo string) string {
+	return passwordRegexp.ReplaceAllLiteralString(dbinfo, "password=REDACTED")
+}
+
 // Transact executes the given function in the context of a SQL transaction,
 // rolling back the transaction if the function panics or returns an error.
 func (db *DB) Transact(txFunc func(*sql.Tx) error) (err error) {