Merge pull request #19 from vinaybyrappa/main

MYSQL-7 : Password Values not redacted in the shell logs , MYSQL-18 Environment refresh and discovery operation shows passwords/sensitive data

Author: vinaybyrappa

.github/workflows/codeql.yml

@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '24 4 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

src/common/utils.py

@@ -1,3 +1,7 @@
+#
+# Copyright (c) 2021, 2023 by Delphix. All rights reserved.
+#
+
 import logging
 import random
 import time

src/dboperations/dboperations.py

@@ -1,3 +1,7 @@
+#
+# Copyright (c) 2021, 2023 by Delphix. All rights reserved.
+#
+
 import logging
 import random
 import time
@@ -37,7 +41,6 @@ def stop_mysql(port,connection,baseDir,vdbConn,pwd):
     if(port_stat == Status.ACTIVE):
         logger.debug("DB is Running. Shutting down.")
         shutdown_cmd = "%s/bin/mysqladmin %s'%s' --protocol=TCP --port=%s shutdown" % (baseDir,vdbConn,pwd,port)
-        logger.debug("Shutdown Command: {}".format(shutdown_cmd))
         result = libs.run_bash(connection, shutdown_cmd,environment_vars,check=True)
         output = result.stdout.strip()
         error = result.stderr.strip()
@@ -46,7 +49,7 @@ def stop_mysql(port,connection,baseDir,vdbConn,pwd):
             logger.debug("There was an error trying to shutdown the database : "+error)
             raise MySQLShutdownException(error)
         else:
-            logger.debug("Output: "+output)
+            logger.debug("DB shutdown completed")
         time.sleep(25)
         if(Status.ACTIVE == get_port_status(port,connection)):
             logger.debug("KILL")  
@@ -97,7 +100,6 @@ def get_port_status(port,connection):
         except Exception as err:
             logger.debug("Port Check Failed for second cmd: "+err.message)      
     logger.debug("Port Status Response >")
-    logger.debug(output)
 
     if output== "":
         logger.debug("MySQL DB is NOT RUNNING at Port:"+myport)
@@ -130,7 +132,6 @@ def start_mysql(installPath,baseDir,mountPath,port,serverId,connection):
     if(port_stat == Status.INACTIVE):
         logger.debug("DB is not running. Starting the MySQL DB")
         start_cmd=get_start_cmd(installPath,baseDir,mountPath,port,serverId)
-        logger.debug("Startup Command: {}".format(start_cmd))
         result = libs.run_bash(connection, start_cmd,environment_vars,check=True)
         output = result.stdout.strip()
         error = result.stderr.strip()
@@ -139,7 +140,7 @@ def start_mysql(installPath,baseDir,mountPath,port,serverId,connection):
             logger.debug("There was an error trying to start the DB : "+error)
             raise MySQLStartupException(error)
         else:
-            logger.debug("Output: "+output)
+            logger.debug("DB Started")
         time.sleep(25)
         if(Status.ACTIVE == get_port_status(port,connection)):
             logger.debug("DB Started Successfully")
@@ -168,12 +169,11 @@ def start_slave(connection,installPath,port,connString,username,pwd,hostIp):
         raise Exception("One of the required params for MySQL Connection is empty")
     else:
         start_slave_cmd=CommandFactory.start_replication(connection,installPath,port,connString,username,pwd,hostIp)
-        logger.debug("Connection String with {}".format(start_slave_cmd))     
         try:
             logger.debug("Starting Slave")
             result = libs.run_bash(connection, start_slave_cmd,environment_vars,check=True)
             output = result.stdout.strip()
-            logger.debug("Start Slave Output: {}".format(output))
+            logger.debug("Start Slave Completed")
         except Exception as err:
             logger.debug("Starting Slave Failed: "+err.message)
             raise err
@@ -187,17 +187,16 @@ def stop_slave(connection,installPath,port,connString,username,pwd,hostIp):
         raise Exception("One of the required params for MySQL Connection is empty")
     else:
         stop_slave_cmd=CommandFactory.stop_replication(connection,installPath,port,connString,username,pwd,hostIp)
-        logger.debug("Connection String with {}".format(stop_slave_cmd))    
         try:
             logger.debug("Stopping Replication")
             result = libs.run_bash(connection, stop_slave_cmd,environment_vars,check=True)
             _output=result.stdout.strip()
             _bashErrMsg=result.stderr.strip()
             _bashErrCode=result.exit_code
             if _bashErrCode!=0:
-                logger.debug("Stopping Slave was not succesful")
+                logger.debug("Stopping Slave was not successful")
                 raise Exception(_bashErrMsg)
-            logger.debug("Start Slave Response: {}".format(_output))
+            logger.debug("Stop Replication successful")
         except Exception as err:
             logger.debug("Stop Replication Failed Due To: "+err.message)       
             logger.debug("Ignoring and continuing")
@@ -213,7 +212,6 @@ def get_connection_cmd(installPath,port,connString,username,pwd,hostIp):
         raise ValueError("One of the required params for MySQL Connection is empty")
     else:
         connection_cmd=CommandFactory.connect_to_mysql(installPath,port,connString,username,pwd,hostIp)
-        logger.debug("connaction_cmd >"+connection_cmd) 
     return connection_cmd
 
 def get_start_cmd(installPath,baseDir,mountPath,port,serverId):

src/plugin_runner.py

@@ -1,3 +1,7 @@
+#
+# Copyright (c) 2021, 2023 by Delphix. All rights reserved.
+#
+
 import pkgutil
 import logging
 import sys
@@ -105,9 +109,6 @@ def configure(virtual_source, snapshot, repository):
 def reconfigure(virtual_source, repository, source_config, snapshot):
     logger.debug("virtual.reconfigure > Start")
     start(virtual_source, repository, source_config)
-    logger.debug(source_config)
-    logger.debug("Snapshot")
-    logger.debug(snapshot)
     #srcConfig = configure(virtual_source,snapshot,repository)
     logger.debug("virtual.reconfigure > End")
     virtual_status(virtual_source, repository, source_config)
@@ -140,7 +141,6 @@ def virtual_post_snapshot(virtual_source, repository, source_config):
     snapshot.snap_backup_path=""
     snapshot.snap_time=utils.get_current_time()
     logger.debug("SnapShot Definition Created")
-    logger.debug(snapshot)
     return snapshot
 
 @plugin.virtual.start()