[PR] security(logging): mask database passwords in CLI output and exception metadata [superset]

[via GitHub]

Ujjwaljain16 opened a new pull request, #38229:
URL: https://github.com/apache/superset/pull/38229

   ### SUMMARY
   
   This PR hardens Superset against accidental credential exposure by masking 
database passwords when SQLAlchemy URIs are printed or attached to exception 
metadata.
   
   Previously, raw database URIs could appear in:
   
   * CLI output (`superset test-db`)
   * Connection timeout exception metadata
   * Initialization error messages when the metadata database connection fails
   
   This change ensures passwords are masked at the URI stringification boundary 
using Superset’s existing 
`make_url_safe(...).render_as_string(hide_password=True)` pattern.
   
   The fix is intentionally surgical:
   
   * No global logging behavior changes
   * No formatter modifications
   * No recursive masking logic
   * No behavior changes to connection handling
   * No performance impact (masking occurs only in CLI/error paths)
   
   Only formatting at output boundaries has been updated.
   
   ---
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   Not applicable (backend/CLI hardening only).
   
   ---
   
   ### TESTING INSTRUCTIONS
   
   Manual verification:
   
   1. Set an invalid database URI with a password:
   
      ```
      export 
SQLALCHEMY_DATABASE_URI=postgresql://user:secretpass@localhost:5432/db
      ```
   
   2. Run:
   
      ```
      superset db upgrade
      ```
   
      If the connection fails, the error output should display:
   
      ```
      postgresql://user:***@localhost:5432/db
      ```
   
   3. Run:
   
      ```
      superset test-db postgresql://user:secretpass@localhost/db
      ```
   
      The CLI output should show:
   
      ```
      SQLAlchemy URI: postgresql://user:***@localhost/db
      ```
   
   4. Trigger a connection timeout via `TestConnectionDatabaseCommand` and 
verify that:
   
      * `extra["sqlalchemy_uri"]` does not contain the password
      * Host and database name remain visible
   
   Automated tests have been added covering:
   
   * CLI masking
   * Exception metadata masking
   * Initialization failure masking
   * Malformed URI handling
   
   ---
   
   ### ADDITIONAL INFORMATION
   
   * [x] Has associated issue: Fixes #36492
   * [ ] Required feature flags
   * [ ] Changes UI
   * [ ] Includes DB Migration
   * [ ] Introduces new feature or API
   * [ ] Removes existing feature or API
   
   This change is positioned as security hardening and introduces no functional 
or API changes.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org