From bde7915969a112444b7fcdad9f589fd071583bd9 Mon Sep 17 00:00:00 2001
From: VenkateshPabbati <venkateshpabbati@gmail.com>
Date: Wed, 9 Apr 2025 20:40:55 +0530
Subject: [PATCH 1/4] Potential fix for code scanning alert no. 8: Clear-text
 logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lightrag/kg/tidb_impl.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lightrag/kg/tidb_impl.py b/lightrag/kg/tidb_impl.py
index e57357de..2094c598 100644
--- a/lightrag/kg/tidb_impl.py
+++ b/lightrag/kg/tidb_impl.py
@@ -23,6 +23,12 @@ if not pm.is_installed("sqlalchemy"):
 from sqlalchemy import create_engine, text  # type: ignore
 
 
+def sanitize_sensitive_info(data: dict) -> dict:
+    sanitized_data = data.copy()
+    if 'password' in sanitized_data:
+        sanitized_data['password'] = '***'
+    return sanitized_data
+
 class TiDB:
     def __init__(self, config, **kwargs):
         self.host = config.get("host", None)
@@ -69,7 +75,8 @@ class TiDB:
             try:
                 result = conn.execute(text(sql), params)
             except Exception as e:
-                logger.error(f"Tidb database,\nsql:{sql},\nparams:{params},\nerror:{e}")
+                sanitized_params = sanitize_sensitive_info(params)
+                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{e}")
                 raise
             if multirows:
                 rows = result.all()
@@ -94,7 +101,8 @@ class TiDB:
                 else:
                     conn.execute(text(sql), parameters=data)
         except Exception as e:
-            logger.error(f"Tidb database,\nsql:{sql},\ndata:{data},\nerror:{e}")
+            sanitized_data = sanitize_sensitive_info(data) if data else None
+            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{e}")
             raise
 
 

From f1063e0e121f9ae9d9d342de0a64403ef5faa0d0 Mon Sep 17 00:00:00 2001
From: VenkateshPabbati <venkateshpabbati@gmail.com>
Date: Wed, 9 Apr 2025 20:43:16 +0530
Subject: [PATCH 2/4] Potential fix for code scanning alert no. 13: Clear-text
 logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lightrag/kg/tidb_impl.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lightrag/kg/tidb_impl.py b/lightrag/kg/tidb_impl.py
index 2094c598..e47ab177 100644
--- a/lightrag/kg/tidb_impl.py
+++ b/lightrag/kg/tidb_impl.py
@@ -25,8 +25,10 @@ from sqlalchemy import create_engine, text  # type: ignore
 
 def sanitize_sensitive_info(data: dict) -> dict:
     sanitized_data = data.copy()
-    if 'password' in sanitized_data:
-        sanitized_data['password'] = '***'
+    sensitive_fields = ['password', 'user', 'host', 'database']
+    for field in sensitive_fields:
+        if field in sanitized_data:
+            sanitized_data[field] = '***'
     return sanitized_data
 
 class TiDB:
@@ -76,7 +78,7 @@ class TiDB:
                 result = conn.execute(text(sql), params)
             except Exception as e:
                 sanitized_params = sanitize_sensitive_info(params)
-                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{e}")
+                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
                 raise
             if multirows:
                 rows = result.all()
@@ -102,7 +104,7 @@ class TiDB:
                     conn.execute(text(sql), parameters=data)
         except Exception as e:
             sanitized_data = sanitize_sensitive_info(data) if data else None
-            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{e}")
+            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
             raise
 
 

From 730dd7d5f0843058a9db6eed2433ccb76ec726f0 Mon Sep 17 00:00:00 2001
From: VenkateshPabbati <venkateshpabbati@gmail.com>
Date: Wed, 9 Apr 2025 20:49:59 +0530
Subject: [PATCH 3/4] Potential fix for code scanning alert no. 14: Clear-text
 logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lightrag/kg/tidb_impl.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lightrag/kg/tidb_impl.py b/lightrag/kg/tidb_impl.py
index e47ab177..026ada76 100644
--- a/lightrag/kg/tidb_impl.py
+++ b/lightrag/kg/tidb_impl.py
@@ -78,7 +78,7 @@ class TiDB:
                 result = conn.execute(text(sql), params)
             except Exception as e:
                 sanitized_params = sanitize_sensitive_info(params)
-                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
+                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitize_sensitive_info(params)},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
                 raise
             if multirows:
                 rows = result.all()
@@ -104,7 +104,7 @@ class TiDB:
                     conn.execute(text(sql), parameters=data)
         except Exception as e:
             sanitized_data = sanitize_sensitive_info(data) if data else None
-            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
+            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitize_sensitive_info(data) if data else None},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
             raise
 
 

From d6fc14360fcc2fc1d7255a03206a81208f7d1611 Mon Sep 17 00:00:00 2001
From: VenkateshPabbati <venkateshpabbati@gmail.com>
Date: Wed, 9 Apr 2025 20:51:56 +0530
Subject: [PATCH 4/4] Potential fix for code scanning alert no. 15: Clear-text
 logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lightrag/kg/tidb_impl.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lightrag/kg/tidb_impl.py b/lightrag/kg/tidb_impl.py
index 026ada76..f909be8b 100644
--- a/lightrag/kg/tidb_impl.py
+++ b/lightrag/kg/tidb_impl.py
@@ -78,7 +78,8 @@ class TiDB:
                 result = conn.execute(text(sql), params)
             except Exception as e:
                 sanitized_params = sanitize_sensitive_info(params)
-                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitize_sensitive_info(params)},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
+                sanitized_params = sanitize_sensitive_info(params)
+                logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
                 raise
             if multirows:
                 rows = result.all()
@@ -104,7 +105,7 @@ class TiDB:
                     conn.execute(text(sql), parameters=data)
         except Exception as e:
             sanitized_data = sanitize_sensitive_info(data) if data else None
-            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitize_sensitive_info(data) if data else None},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
+            logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{sanitize_sensitive_info({'error': str(e)})}")
             raise