executor: remove sensitive information in slow-log and statement (#18107

) (#18129) Signed-off-by: ti-srebot <[email protected]> Signed-off-by: crazycs520 <[email protected]>
pingcap · Jul 6, 2020 · 65406be · 65406be
1 parent c7c017d
commit 65406be
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/executor/adapter.go b/executor/adapter.go
@@ -700,7 +700,12 @@ func (a *ExecStmt) LogSlowQuery(txnTS uint64, succ bool, hasMoreResults bool) {
 	if costTime < threshold && level > zapcore.DebugLevel {
 		return
 	}
-	sql := FormatSQL(a.Text, sessVars.PreparedParams)
+	var sql stringutil.StringerFunc
+	if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
+		sql = FormatSQL(sensitiveStmt.SecureText(), nil)
+	} else {
+		sql = FormatSQL(a.Text, sessVars.PreparedParams)
+	}
 
 	var tableIDs, indexNames string
 	if len(sessVars.StmtCtx.TableIDs) > 0 {
@@ -837,10 +842,13 @@ func (a *ExecStmt) SummaryStmt() {
 	if sessVars.User != nil {
 		userString = sessVars.User.Username
 	}
-
+	sql := a.Text
+	if sensitiveStmt, ok := a.StmtNode.(ast.SensitiveStmtNode); ok {
+		sql = sensitiveStmt.SecureText()
+	}
 	stmtsummary.StmtSummaryByDigestMap.AddStatement(&stmtsummary.StmtExecInfo{
 		SchemaName:     strings.ToLower(sessVars.CurrentDB),
-		OriginalSQL:    a.Text,
+		OriginalSQL:    sql,
 		NormalizedSQL:  normalizedSQL,
 		Digest:         digest,
 		PrevSQL:        prevSQL,