zrguo
GitHub
11
.github/dependabot.yml
vendored
Normal file
11
.github/dependabot.yml
vendored
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
# To get started with Dependabot version updates, you'll need to specify which
|
||||||
|
# package ecosystems to update and where the package manifests are located.
|
||||||
|
# Please see the documentation for all configuration options:
|
||||||
|
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
|
||||||
|
|
||||||
|
version: 2
|
||||||
|
updates:
|
||||||
|
- package-ecosystem: "pip" # See documentation for possible values
|
||||||
|
directory: "/" # Location of package manifests
|
||||||
|
schedule:
|
||||||
|
interval: "weekly"
|
||||||
21
SECURITY.md
Normal file
21
SECURITY.md
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Use this section to tell people about which versions of your project are
|
||||||
|
currently being supported with security updates.
|
||||||
|
|
||||||
|
| Version | Supported |
|
||||||
|
| ------- | ------------------ |
|
||||||
|
| 5.1.x | :white_check_mark: |
|
||||||
|
| 5.0.x | :x: |
|
||||||
|
| 4.0.x | :white_check_mark: |
|
||||||
|
| < 4.0 | :x: |
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Use this section to tell people how to report a vulnerability.
|
||||||
|
|
||||||
|
Tell them where to go, how often they can expect to get an update on a
|
||||||
|
reported vulnerability, what to expect if the vulnerability is accepted or
|
||||||
|
declined, etc.
|
||||||
@@ -23,6 +23,14 @@ if not pm.is_installed("sqlalchemy"):
|
|||||||
from sqlalchemy import create_engine, text # type: ignore
|
from sqlalchemy import create_engine, text # type: ignore
|
||||||
|
|
||||||
|
|
||||||
|
def sanitize_sensitive_info(data: dict) -> dict:
|
||||||
|
sanitized_data = data.copy()
|
||||||
|
sensitive_fields = ['password', 'user', 'host', 'database', 'port', 'ssl_verify_cert', 'ssl_verify_identity']
|
||||||
|
for field in sensitive_fields:
|
||||||
|
if field in sanitized_data:
|
||||||
|
sanitized_data[field] = '***'
|
||||||
|
return sanitized_data
|
||||||
|
|
||||||
class TiDB:
|
class TiDB:
|
||||||
def __init__(self, config, **kwargs):
|
def __init__(self, config, **kwargs):
|
||||||
self.host = config.get("host", None)
|
self.host = config.get("host", None)
|
||||||
@@ -38,9 +46,9 @@ class TiDB:
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
self.engine = create_engine(connection_string)
|
self.engine = create_engine(connection_string)
|
||||||
logger.info(f"Connected to TiDB database at {self.database}")
|
logger.info("Connected to TiDB database")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Failed to connect to TiDB database at {self.database}")
|
logger.error("Failed to connect to TiDB database")
|
||||||
logger.error(f"TiDB database error: {e}")
|
logger.error(f"TiDB database error: {e}")
|
||||||
raise
|
raise
|
||||||
|
|
||||||
@@ -55,13 +63,13 @@ class TiDB:
|
|||||||
try:
|
try:
|
||||||
await self.query(f"SELECT 1 FROM {k}".format(k=k))
|
await self.query(f"SELECT 1 FROM {k}".format(k=k))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Failed to check table {k} in TiDB database")
|
logger.error("Failed to check table in TiDB database")
|
||||||
logger.error(f"TiDB database error: {e}")
|
logger.error(f"TiDB database error: {e}")
|
||||||
try:
|
try:
|
||||||
await self.execute(v["ddl"])
|
await self.execute(v["ddl"])
|
||||||
logger.info(f"Created table {k} in TiDB database")
|
logger.info("Created table in TiDB database")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Failed to create table {k} in TiDB database")
|
logger.error("Failed to create table in TiDB database")
|
||||||
logger.error(f"TiDB database error: {e}")
|
logger.error(f"TiDB database error: {e}")
|
||||||
|
|
||||||
# After all tables are created, try to migrate timestamp fields
|
# After all tables are created, try to migrate timestamp fields
|
||||||
@@ -82,7 +90,10 @@ class TiDB:
|
|||||||
try:
|
try:
|
||||||
result = conn.execute(text(sql), params)
|
result = conn.execute(text(sql), params)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Tidb database,\nsql:{sql},\nparams:{params},\nerror:{e}")
|
sanitized_params = sanitize_sensitive_info(params)
|
||||||
|
sanitized_params = sanitize_sensitive_info(params)
|
||||||
|
sanitized_error = sanitize_sensitive_info({'error': str(e)})
|
||||||
|
logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{sanitized_error}")
|
||||||
raise
|
raise
|
||||||
if multirows:
|
if multirows:
|
||||||
rows = result.all()
|
rows = result.all()
|
||||||
@@ -107,7 +118,9 @@ class TiDB:
|
|||||||
else:
|
else:
|
||||||
conn.execute(text(sql), parameters=data)
|
conn.execute(text(sql), parameters=data)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.error(f"Tidb database,\nsql:{sql},\ndata:{data},\nerror:{e}")
|
sanitized_data = sanitize_sensitive_info(data) if data else None
|
||||||
|
sanitized_error = sanitize_sensitive_info({'error': str(e)})
|
||||||
|
logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{sanitized_error}")
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user