From 44ba131987a44230813a23e1b0164ff63ec9cf68 Mon Sep 17 00:00:00 2001
From: tison <wander4096@gmail.com>
Date: Thu, 4 Jan 2024 22:53:20 +0800
Subject: [PATCH] fix: improve redact sql regexp (#3080)

Signed-off-by: tison <wander4096@gmail.com>
---
 src/sql/src/util.rs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/sql/src/util.rs b/src/sql/src/util.rs
index 3d29af6ad87b..9a931e02cb9e 100644
--- a/src/sql/src/util.rs
+++ b/src/sql/src/util.rs
@@ -21,8 +21,8 @@ use sqlparser::ast::{ObjectName, SqlOption, Value};
 
 static SQL_SECRET_PATTERNS: LazyLock<Vec<Regex>> = LazyLock::new(|| {
     vec![
-        Regex::new(r#"(?i)access_key_id=["'](\w*)["'].*"#).unwrap(),
-        Regex::new(r#"(?i)secret_access_key=["'](\w*)["'].*"#).unwrap(),
+        Regex::new(r#"(?i)access_key_id=["']([^"']*)["'].*"#).unwrap(),
+        Regex::new(r#"(?i)secret_access_key=["']([^"']*)["'].*"#).unwrap(),
     ]
 });
 
@@ -93,5 +93,11 @@ mod test {
             ),
             r#"COPY 'my_table' FROM '/test.orc' WITH (FORMAT = 'orc') CONNECTION(ENDPOINT = 's3.storage.site', REGION = 'hz', ACCESS_KEY_ID='******', SECRET_ACCESS_KEY="******");"#
         );
+        assert_eq!(
+            redact_sql_secrets(
+                r#"COPY 'my_table' FROM '/test.orc' WITH (FORMAT = 'orc') CONNECTION(ENDPOINT = 's3.storage.site', REGION = 'hz', ACCESS_KEY_ID='@scoped/key_id', SECRET_ACCESS_KEY="@scoped/access_key");"#
+            ),
+            r#"COPY 'my_table' FROM '/test.orc' WITH (FORMAT = 'orc') CONNECTION(ENDPOINT = 's3.storage.site', REGION = 'hz', ACCESS_KEY_ID='******', SECRET_ACCESS_KEY="******");"#
+        );
     }
 }