Package net.snowflake.client.util

Class SecretDetector

java.lang.Object

net.snowflake.client.util.SecretDetector

public class SecretDetector
extends Object

Search for credentials in sql and/or other text

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SecretDetector.SecretDetectorJSONStyle

Constructor Summary

Constructors

Constructor	Description
SecretDetector()

Method Summary

Modifier and Type	Method	Description
static String	filterAccessTokens(String message)	Filter access tokens that might be buried in JSON.
static boolean	isSensitive(String name)	Check whether the name is sensitive
static String	maskAWSSecret(String sql)	mask AWS secret in the input string
static com.fasterxml.jackson.databind.JsonNode	maskJacksonNode(com.fasterxml.jackson.databind.JsonNode node)
static net.minidev.json.JSONArray	maskJsonArray(net.minidev.json.JSONArray array)
static net.minidev.json.JSONObject	maskJsonObject(net.minidev.json.JSONObject json)
static String	maskParameterValue(String key, String value)	Mask sensitive parameter values.
static String	maskSASToken(String text)	Masks SAS token(s) in the input string
static String	maskSecrets(String text)	Masks any secrets present in the input string.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecretDetector

public SecretDetector()

Method Detail

isSensitive

public static boolean isSensitive(String name)

Check whether the name is sensitive

Parameters:

name -

maskParameterValue

public static String maskParameterValue(String key,
                                        String value)

Mask sensitive parameter values. Used currently for connection parameters whose values are to be recorded for each session.

Parameters:

key - parameter key

value - parameter value, which is sometimes masked

Returns:

the original value if the parameter key does not mark it as sensitive, or return a masked text if the key is determined to be sensitive.

maskAWSSecret

public static String maskAWSSecret(String sql)

mask AWS secret in the input string

Parameters:

sql - The sql text to mask

Returns:

masked string

maskSASToken

public static String maskSASToken(String text)

Masks SAS token(s) in the input string

Parameters:

text - Text which may contain SAS token(s)

Returns:

Masked string

maskSecrets

public static String maskSecrets(String text)

Masks any secrets present in the input string. This currently checks for SAS tokens (maskSASToken(String)) and AWS keys (maskAWSSecret(String).

Parameters:

text - Text which may contain secrets

Returns:

Masked string

filterAccessTokens

public static String filterAccessTokens(String message)

Filter access tokens that might be buried in JSON. Currently only used to filter the scopedCreds passed for XP binary downloads

Parameters:

message - the message text which may contain secrets

Returns:

Return filtered message

maskJsonObject

public static net.minidev.json.JSONObject maskJsonObject(net.minidev.json.JSONObject json)

maskJsonArray

public static net.minidev.json.JSONArray maskJsonArray(net.minidev.json.JSONArray array)

maskJacksonNode

public static com.fasterxml.jackson.databind.JsonNode maskJacksonNode(com.fasterxml.jackson.databind.JsonNode node)