Add partial backup option #297
base: master
1dc910f to c7b5870
| "sample", | ||
| ] | ||
| if args.dry_run: | ||
| print(command) |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
sensitive data (password)
Copilot Autofix
AI about 1 month ago
The best way to fix this problem is to prevent the password from being printed to the console in clear text. This can be achieved by making a shallow copy of the command list and replacing the password argument (the string starting with --password=) with a masked version (e.g., --password=*****) before printing it. The original command list should remain unaltered, as it is used by subprocess.run to execute the actual backup.
Specifically, in installation_and_upgrade/part_truncate_archive.py, in the block starting at line 109 where the command is built, and in the if args.dry_run: block (line 125–126), modify what is printed:
- Instead of printing command directly, construct a masked version (command_to_print) where the password is replaced with a masked placeholder (e.g., *****).
- Print this masked version instead.
No new methods or definitions are strictly needed, as a simple list comprehension suffices; however, you could factor out the masking logic into a small helper function for clarity if desired. No new imports are required.
| @@ -123,7 +123,12 @@ | ||
| "sample", | ||
| ] | ||
| if args.dry_run: | ||
| print(command) | ||
| # Mask password in the printed command for safety | ||
| command_to_print = [ | ||
| arg if not arg.startswith("--password=") else "--password=*****" | ||
| for arg in command | ||
| ] | ||
| print(command_to_print) | ||
| else: | ||
| subprocess.run(command, check=True) | ||
|
|
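Review bot: in the command_to_print comprehension, the mask only matches elements that begin with --password=, so a password passed as a separate list element after a bare --password, or under any other flag name, would still reach print(command_to_print) in clear text. Worth confirming against the command construction above this hunk that --password=<value> is the only form used, or moving the check into a small helper that also covers the following element. Separately, the else branch still hands the unmasked list to subprocess.run(command, check=True), so the password stays in the child process's argument vector, where process listings can show it; if the invoked tool accepts the secret through an environment variable or a file, that would close the gap the dry-run mask leaves open.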
c7b5870 to c2438e0
No description provided.